Windows Analysis Report
ShadowFury.exe

Overview

General Information

Sample name:ShadowFury.exe
Analysis ID:1430162
MD5:ab51093cc7ee1f15124b3e33c5b29ff0
SHA1:3edb90f6654e68eed56acfb14e8af51cca9c293c
SHA256:c0010bd39bdd04aee00a67a73c839c05c8972e473075a2a22213351efa818ff5
Tags:exe
Infos:

Detection

Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Loading BitLocker PowerShell Module
Opens the same file many times (likely Sandbox evasion)
Tries to steal communication platform credentials (via file / registry access)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Console CodePage Lookup Via CHCP
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • ShadowFury.exe (PID: 6728 cmdline: "C:\Users\user\Desktop\ShadowFury.exe" MD5: AB51093CC7EE1F15124B3E33C5B29FF0)
  • ShadowFury.exe (PID: 3632 cmdline: "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" MD5: 40C4CD50211B681DD8FB792E61C1528A)
    • cmd.exe (PID: 6156 cmdline: C:\Windows\system32\cmd.exe /d /s /c "chcp" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 6748 cmdline: chcp MD5: 20A59FB950D8A191F7D35C4CA7DA9CAF)
    • cmd.exe (PID: 1904 cmdline: C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 2000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 4904 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 5104 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 6752 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • ShadowFury.exe (PID: 7220 cmdline: "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 40C4CD50211B681DD8FB792E61C1528A)
    • ShadowFury.exe (PID: 7572 cmdline: "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --mojo-platform-channel-handle=2136 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 40C4CD50211B681DD8FB792E61C1528A)
    • cmd.exe (PID: 5652 cmdline: C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 2088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • findstr.exe (PID: 7584 cmdline: findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
    • ShadowFury.exe (PID: 7868 cmdline: "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 40C4CD50211B681DD8FB792E61C1528A)
  • ShadowFury.exe (PID: 7604 cmdline: "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" MD5: 40C4CD50211B681DD8FB792E61C1528A)
    • cmd.exe (PID: 7732 cmdline: C:\Windows\system32\cmd.exe /d /s /c "chcp" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7776 cmdline: chcp MD5: 20A59FB950D8A191F7D35C4CA7DA9CAF)
    • cmd.exe (PID: 7792 cmdline: C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7840 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7848 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7864 cmdline: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command - MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • ShadowFury.exe (PID: 8044 cmdline: "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 40C4CD50211B681DD8FB792E61C1528A)
    • ShadowFury.exe (PID: 4088 cmdline: "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --mojo-platform-channel-handle=2164 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 40C4CD50211B681DD8FB792E61C1528A)
    • cmd.exe (PID: 7780 cmdline: C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log"" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • findstr.exe (PID: 7764 cmdline: findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
    • ShadowFury.exe (PID: 7784 cmdline: "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1444 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 40C4CD50211B681DD8FB792E61C1528A)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: frack113, Data: Command: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe, ParentProcessId: 3632, ParentProcessName: ShadowFury.exe, ProcessCommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, ProcessId: 4904, ProcessName: powershell.exe
Source: Process started, Author: _pete_0, TheDFIRReport, Data: Command: chcp, CommandLine: chcp, CommandLine|base64offset|contains: r), Image: C:\Windows\SysWOW64\chcp.com, NewProcessName: C:\Windows\SysWOW64\chcp.com, OriginalFileName: C:\Windows\SysWOW64\chcp.com, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "chcp", ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6156, ParentProcessName: cmd.exe, ProcessCommandLine: chcp, ProcessId: 6748, ProcessName: chcp.com
Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), Data: EventID: 11, Image: C:\Users\user\Desktop\ShadowFury.exe, ProcessId: 6728, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShadowFury.lnk
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe, ParentProcessId: 3632, ParentProcessName: ShadowFury.exe, ProcessCommandLine: powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -, ProcessId: 4904, ProcessName: powershell.exe
Timestamp:04/23/24-08:29:13.619521
SID:2018316
Source Port:53
Destination Port:52676
Protocol:UDP
Classtype:A Network Trojan was detected
Timestamp:04/23/24-08:31:15.600449
SID:2018316
Source Port:53
Destination Port:58047
Protocol:UDP
Classtype:A Network Trojan was detected

AV Detection

Source: illitluckygirl.com, Virustotal: Detection: 9%
Source: ShadowFury.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\ShadowFury.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8b49fe8-42ea-5121-a0ba-899ad0437a85
Source: C:\Users\user\Desktop\ShadowFury.exe, File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\ShadowFury.exe, File created: C:\Users\user\AppData\Local\Programs\ShadowFury\LICENSE.electron.txt
Source: ShadowFury.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\ShadowFury.exe, File opened: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
Source: C:\Users\user\Desktop\ShadowFury.exe, File opened: C:\Users\user
Source: C:\Users\user\Desktop\ShadowFury.exe, File opened: C:\Users\user\AppData\Local\Programs\ShadowFury
Source: C:\Users\user\Desktop\ShadowFury.exe, File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\ShadowFury.exe, File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\ShadowFury.exe, File opened: C:\Users\user\AppData\Local\Programs

Networking

Source: TrafficSnort IDS: 2018316 ET TROJAN Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses 1.1.1.1:53 -> 192.168.2.6:52676
Source: TrafficSnort IDS: 2018316 ET TROJAN Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses 1.1.1.1:53 -> 192.168.2.6:58047
Source: Joe Sandbox View IP Address: 34.117.186.192
Source: Joe Sandbox View IP Address: 162.159.61.3
Source: unknown DNS query: name: ipinfo.io
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: V8.MemoryHeapUsedV8.MemoryHeapCommittedmail.google.com.gmaildrive.google.com.docsplus.google.com.plus.inbox.calendarwww.youtube.com.youtube.top10sina.com.cnfacebook.combaidu.comtwitter.comtaobao.comwikipedia equals www.youtube.com (Youtube)
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: unknown DNS traffic detected: queries for: ipinfo.io
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tukaani.org/xz/
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://valgrind.org
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://webkit.org/
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://wpad/wpad.dat
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://wpad/wpad.dat..
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmp, ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmp, ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chromium.org
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.fossil-scm.org/
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.freedesktop.org/wiki/Software/xdg-user-dirs
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.futurealoof.com)
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/licenses/
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3C//DTD
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.icu-project.org/userguide/posix.html#case_mappings
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.jclark.com/xt
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/MPL/
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nongnu.org/freebangfont/downloads.html#mukti
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ploscompbiol.org/static/license
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.software-architect.net/blog/article/date/2015/06/12/-826c6e5052.html
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/compile.html).
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/src/info/6709574d2a
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/src/info/f2369304e4
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/tclsqlite.html
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.strongtalk.org/
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com/tools/smslib.html>
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org
Source: ShadowFury.exe, 00000000.00000003.1862439762.0000000005E20000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.webrtc.org
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.xfa.com/schema/xfa-package/
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.xfa.org/schema/xci/
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.xfa.org/schema/xdc/
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.xfa.org/schema/xfa-connection-set/
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.xfa.org/schema/xfa-data/
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.xfa.org/schema/xfa-data/1.0/
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.xfa.org/schema/xfa-data/1.0/xmlns:xfa
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.xfa.org/schema/xfa-form/
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.xfa.org/schema/xfa-locale-set/
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.xfa.org/schema/xfa-package/
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.xfa.org/schema/xfa-source-set/
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: http://www.xfa.org/schema/xfa-template/
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/namespacehttp://www.jclark.com/xtxsl:key
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xmlsoft.org/XSLT/xsltNewExtDef
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zlib.net/
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4674
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4849
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5140
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5536
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246enableCaptureLimitsSet
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7405
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/upload
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gcp.gvt2.com/domainreliability/uploadhttps://beacons.gvt2.com/domainreliability/uplo
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons.gvt2.com/domainreliability/upload
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons2.gvt2.com/domainreliability/upload
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons3.gvt2.com/domainreliability/upload
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons4.gvt2.com/domainreliability/upload
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons5.gvt2.com/domainreliability/upload
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beacons5.gvt3.com/domainreliability/upload
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bit.ly/3rpDuEX.
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bit.ly/3rpDuEX.WebBundleURLLoaderFactory::OnResponseParsedInvalid
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlMixed
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.fuchsia.dev/p/fuchsia/issues/detail?id=107106
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.android.clients.google.com/
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.bigcache.googleapis.com/
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.doc-0-0-sj.sj.googleusercontent.com/
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.docs.google.com/
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.drive.google.com/
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.googlesyndication.com/
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.pack.google.com/
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.play.google.com/
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://c.youtube.com/
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromestatus.com/feature/5105856067141632.
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromestatus.com/feature/5463833265045504.
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromestatus.com/feature/5463833265045504.Found
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmp, ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/webm/libwebp
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/domainreliability/upload
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#clear
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://console.spec.whatwg.org/#table
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1038223.
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1042393
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1046462
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1060012
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1091824
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1137851
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1154140
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1300575
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1356053
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/1412729
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/593024
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/593024selectViewInGeometryShaderThe
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/619103.
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/619103.Subsequence
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/650547
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/650547callClearTwiceUsing
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/655534
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/655534useSystemMemoryForConstantBuffersCopying
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/705865
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/710443
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/811661
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/848952
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/927119
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/927119..
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/981419
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/v8/7848
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling.
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequentlyOut
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/dom.html#custom-data-attribute.
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64-decode
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903emulatePixelLocalStorageEmulate
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: ShadowFury.exe, 00000000.00000003.1983268209.00000000073F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jimmy.warting.se/opensource
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://no-color.org/
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/http.html#http_class_http_incomingmessage
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.14.0/node-v18.14.0-headers.tar.gz
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.14.0/node-v18.14.0.tar.gz
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.14.0/node-v18.14.0.tar.gzhttps://nodejs.org/download/release
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.14.0/win-x86/node.lib
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/en/docs/inspector
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/en/docs/inspectorFor
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/static/images/favicons/favicon.ico
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUr
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pagure.io/lohit
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://plus-innovations.com)
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://semver.org/
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com)
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourcemaps.info/spec.html
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/08a0d6d9bf
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/157dc791df
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/206d99a16dd9212f
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/24083b579d.
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/2d76f2bcf65d256a
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/36937b197273d403
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/51e6959f61
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/68d284c86b082c3e
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/726219164b
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/83cb4a95a0
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/b40696f50145d21c
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/forum/forumpost/eb8613976a
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/src/info/0f0428096f17252a
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/src/info/b043a54c3de54b28
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/src/info/c94369cae9b561b1
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/src/info/ce8717f0885af975
Source: ShadowFury.exe, 00000000.00000003.1883935339.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/src/info/fd76310a5e843e07
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://systeminformation.io
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-timeclip
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#table-typeof-operator-results
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://testanything.org/tap-version-14-specification.html
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://testanything.org/tap-version-14-specification.html#subtests
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5234#appendix-B.1
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#url
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#url-serializing
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://v8.dev/blog/v8-release-89
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/manifest/#installability-signals
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/resource-timing/#dfn-mark-resource-timing
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/resource-timing/#dfn-setup-the-resource-timing-entry
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/resource-timing/#dom-performance-setresourcetimingbuffersize
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#grammardef-option-expression
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#integrity-metadata-description
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webassembly.github.io/spec/web-api
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://webidl.spec.whatwg.org/#es-dictionary
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wiki.ubuntuusers.de/lsblk/
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.buymeacoffee.com/systeminfo
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/4664843055398912
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5082396709879808
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5093566007214080
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5636954674692096
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5718547946799104
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5738264052891648
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5745543795965952
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5745543795965952unload/beforeunload
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5851021045661696.
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/5851021045661696.The
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/6662647093133312
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromestatus.com/feature/6662647093133312InputDeviceCapabilities
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromium.org/blink/origin-trials/portals.
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.chromium.org/blink/origin-trials/portals.The
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.4.0a.pdf
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE memstr_52dc8a5c-3
Source: C:\Users\user\Desktop\ShadowFury.exe Process token adjusted: Security
Source: ShadowFury.exe Static PE information: invalid certificate
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs ShadowFury.exe
Source: ShadowFury.exe, 00000000.00000003.1991955259.0000000005029000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs ShadowFury.exe
Source: ShadowFury.exe, 00000000.00000003.1889380677.0000000005C20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibEGL.dllb! vs ShadowFury.exe
Source: ShadowFury.exe, 00000000.00000003.1889380677.0000000005C20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs ShadowFury.exe
Source: ShadowFury.exe, 00000000.00000003.1985878929.0000000005026000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs ShadowFury.exe
Source: ShadowFury.exe, 00000000.00000003.1982489931.0000000005C20000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs ShadowFury.exe
Source: ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: ..\..\base\file_version_info_win.ccCreateFileVersionInfoWinCompanyNameCompanyShortNameInternalNameProductNameProductShortNameProductVersionFileDescriptionFileVersionOriginalFilenameSpecialBuild\StringFileInfo\%04x%04x\%ls\VarFileInfo\Translation\..\..\base\files\file_enumerator_win.cc..\..\base\files\file_path_watcher_win.ccUpdateWatchDestroyWatchSetupWatchHandleOnObjectSignaled( vs ShadowFury.exe
Source: ShadowFury.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal68.spyw.evad.winEXE@59/132@35/2
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Users\user\Desktop\ShadowFury.exe Mutant created: \Sessions\1\BaseNamedObjects\d8b49fe8-42ea-5121-a0ba-899ad0437a85
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1848:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2088:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7744:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2000:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6560:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7800:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7908:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7784:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7856:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7872:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6804:120:WilError_03
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqEB24.tmp
Source: ShadowFury.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ShadowFury.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\ShadowFury.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: ShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Selector or media text is not valid.Source range didn't match existing source rangeSource range didn't match existing style source rangeKeyframe key text is not valid.Style text is not valid.Selector or container query text is not valid.CQ Source range didn't match existing style source rangeSelector or supports rule text is not valid.Supports source range didn't match existing source rangeSelector or scope rule text is not valid.Scope source range didn't match existing source range' could not be added in style sheet.The rule '' could not be added in media rule.Cannot insert rule inside rule selector.Cannot insert rule in non-media rule.Source range must be collapsed.Rule text is not valid.Style is read-only.No style rule could be found in given range.No parent stylesheet could be found.Cannot remove rule from non-media rule./\*[^]*?\*/: none; }-webkit-boguz-propertee { -webkit-boguz-propertee : none; } }@keyframes boguzAnim { div {: none; } } { div { @media @container @scope -moz--o--ms-"' %
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: C:\Users\user\Desktop\ShadowFury.exe File read: C:\Users\user\Desktop\ShadowFury.exe
Source: unknown Process created: C:\Users\user\Desktop\ShadowFury.exe "C:\Users\user\Desktop\ShadowFury.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe"
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\chcp.com chcp
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --mojo-platform-channel-handle=2136 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe"
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\chcp.com chcp
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --mojo-platform-channel-handle=2164 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1444 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: riched20.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: usp10.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\ShadowFury.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mscms.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mmdevapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: devobj.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\SysWOW64\chcp.comSection loaded: ulib.dllJump to behavior
Source: C:\Windows\SysWOW64\chcp.comSection loaded: fsutilext.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mf.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mfplat.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: rtworkq.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: msmpeg2vdec.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mfperfhelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dxva2.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: msvproc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ffmpeg.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\chcp.comSection loaded: ulib.dll
Source: C:\Windows\SysWOW64\chcp.comSection loaded: fsutilext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: d3d12.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: d3d12core.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: dxilconv.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: d3dscache.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\ShadowFury.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\ShadowFury.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d8b49fe8-42ea-5121-a0ba-899ad0437a85
Source: ShadowFury.exeStatic file information: File size 78038194 > 1048576
Source: ShadowFury.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: BCC = $(NCC) -nologo -W3 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: del /Q *.exp *.lo *.ilk *.lib *.obj *.ncb *.pdb *.sdf *.suo 2>NUL source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: -FdC:\Users\Administrator\Desktop\duvet\src\builds\LYifJXHx8\source\node_modules\sqlite3\build\Release\sqlite3.pdb source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: LTCOMPILE = $(TCC) -Fo$@ -Fd$*.pdb source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\STATEMENT.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\SQLITE3\SRC\STATEMENT.CC source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\Desktop\duvet\src\builds\LYifJXHx8\source\node_modules\sqlite3\build\Release\sqlite3.pdb source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: CLEANFILES="$CLEANFILES *.lib *.dll *.pdb *.exp" source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: -typedil-fC:\Users\Administrator\Desktop\duvet\src\builds\LYifJXHx8\source\node_modules\node-gyp\src\win_delay_load_hook.cc-Gs4096-dos-Zi-Z7-W3-pdbrpc-Og-Ob2-Ot-EHs-MT-GS-Gy-FitObjFunc-FitObjData-NoRTTI-FoC:\Users\Administrator\Desktop\duvet\src\builds\LYifJXHx8\source\node_modules\sqlite3\build\deps\Release\obj\sqlite3\win_delay_load_hook.obj-FdC:\Users\Administrator\Desktop\duvet\src\builds\LYifJXHx8\source\node_modules\sqlite3\build\Release\sqlite3.pdb-errorreport:queue source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\COMMUNITY\VC\TOOLS\MSVC\14.39.33519\LIB\X86\LIBCMT.I386.PDB source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: ShadowFury.exe, 00000000.00000003.1889380677.0000000005C20000.00000004.00001000.00020000.00000000.sdmp, ShadowFury.exe, 00000000.00000003.1987405093.0000000005025000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\NODE_SQLITE3.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\SQLITE3\SRC\NODE_SQLITE3.CC source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\COMMUNITY\VC\TOOLS\MSVC\14.39.33519\LIB\X86\LIBCPMT.I386.PDB source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmp, ShadowFury.exe, 00000000.00000003.1991955259.0000000005029000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /OUT:"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.NODE" /INCREMENTAL:NO /NOLOGO KERNEL32.LIB USER32.LIB GDI32.LIB WINSPOOL.LIB COMDLG32.LIB ADVAPI32.LIB SHELL32.LIB OLE32.LIB OLEAUT32.LIB UUID.LIB ODBC32.LIB DELAYIMP.LIB "C:\\USERS\\ADMINISTRATOR\\.ELECTRON-GYP\\24.1.1\\IA32\\NODE.LIB" DELAYIMP.LIB /DELAYLOAD:NODE.EXE /MANIFEST /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB" /OPT:REF /OPT:ICF /TLBID:1 /DYNAMICBASE /NXCOMPAT /MACHINE:X86 /SAFESEH /LTCG:INCREMENTAL /ignore:4199 /DLL RELEASE\OBJ\NODE_SQLITE3\WIN_DELAY_LOAD_HOOK.OBJ source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb`)p) source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmp, ShadowFury.exe, 00000000.00000003.1991955259.0000000005029000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: SQLITE3EXEPDB = /pdb:sqlite3sh.pdb source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\COMMUNITY\VC\TOOLS\MSVC\14.39.33519\LIB\X86\LIBVCRUNTIME.I386.PDB source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0, then it is assumed to already be present on the source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libEGL.dll.pdb source: ShadowFury.exe, 00000000.00000003.1889380677.0000000005C20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\DATABASE.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\SQLITE3\SRC\DATABASE.CC source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: BCC = $(NCC) -nologo -W4 -Fd$*.pdb $(CCOPTS) $(BCCOPTS) source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: ShadowFury.exe, 00000000.00000003.1982489931.0000000005C20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\NODE_SQLITE3.PDB source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\SRC\BACKUP.OBJ" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\SQLITE3\SRC\BACKUP.CC source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** for all file descriptors with rbu_file.pDb!=0. If the argument has source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\SRC" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\.ELECTRON-GYP\24.1.1\DEPS\V8\INCLUDE" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\NODE-ADDON-API" /I"C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\SQLITE3\BUILD\RELEASE\OBJ\GLOBAL_INTERMEDIATE\SQLITE-AUTOCONF-3440200" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=node_sqlite3 /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D ELECTRON_ENSURE_CONFIG_GYPI /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=8 /D NAPI_DISABLE_CPP_EXCEPTIONS=1 /D SQLITE_THREADSAFE=1 /D HAVE_USLEEP=1 /D SQLITE_ENABLE_FTS3 /D SQLITE_ENABLE_FTS4 /D SQLITE_ENABLE_FTS5 /D SQLITE_ENABLE_RTREE /D SQLITE_ENABLE_DBSTAT_VTAB=1 /D SQLITE_ENABLE_MATH_FUNCTIONS /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D NDEBUG /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\NODE_SQLITE3\\" /Fd"RELEASE\OBJ\NODE_SQLITE3\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /analyze- /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\DUVET\SRC\BUILDS\LYIFJXHX8\SOURCE\NODE_MODULES\NODE-GYP\SRC\WIN_DELAY_LOAD_HOOK.CC source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libEGL.dll.pdb source: ShadowFury.exe, 00000000.00000003.1889380677.0000000005C20000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ** rbu_file.pDb!=0. source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: ShadowFury.exe, 00000000.00000003.1979571648.0000000004D60000.00000004.00001000.00020000.00000000.sdmp, ShadowFury.exe, 00000000.00000003.1979752685.00000000054D0000.00000004.00001000.00020000.00000000.sdmp, ShadowFury.exe, 00000000.00000003.1982489931.0000000005C20000.00000004.00001000.00020000.00000000.sdmp
Source: d3dcompiler_47.dll.0.dr Static PE information: 0xBEBD7FD7 [Fri May 29 01:54:31 2071 UTC]
Source: libGLESv2.dll.0.dr Static PE information: section name: .00cfg
Source: ShadowFury.exe.0.dr Static PE information: section name: .00cfg
Source: ShadowFury.exe.0.dr Static PE information: section name: .rodata
Source: ShadowFury.exe.0.dr Static PE information: section name: CPADinfo
Source: ShadowFury.exe.0.dr Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll0.0.dr Static PE information: section name: .00cfg
Source: ShadowFury.exe0.0.dr Static PE information: section name: .00cfg
Source: ShadowFury.exe0.0.dr Static PE information: section name: .rodata
Source: ShadowFury.exe0.0.dr Static PE information: section name: CPADinfo
Source: ShadowFury.exe0.0.dr Static PE information: section name: malloc_h
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll0.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll0.0.dr Static PE information: section name: .00cfg
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\c72e6d37-050a-4632-91c0-63b85d93d972.tmp.node
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Programs\ShadowFury\vk_swiftshader.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Programs\ShadowFury\ffmpeg.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Programs\ShadowFury\libEGL.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\ece2b052-aa6a-477b-a28f-4a0581807657.tmp.node
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Programs\ShadowFury\vulkan-1.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Programs\ShadowFury\libGLESv2.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\nsis7z.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\6f9c7dcb-c5ec-4d75-b81c-93e1fcff8c95.tmp.node
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\65009a31-e18f-4331-be2b-a374113ace84.tmp.node
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\ffmpeg.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\System.dll
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\ShadowFury.exe
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Local\Programs\ShadowFury\LICENSE.electron.txt
Source: C:\Users\user\Desktop\ShadowFury.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShadowFury.lnk

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\Desktop\ShadowFury.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeFile opened: \Device\RasAcd count: 61641
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeFile opened: \Device\RasAcd count: 55052
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3101
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 379
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2725
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 411
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1246
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3060
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3083
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 935
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\c72e6d37-050a-4632-91c0-63b85d93d972.tmp.node
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\ShadowFury\libEGL.dll
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\ShadowFury\vk_swiftshader.dll
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ece2b052-aa6a-477b-a28f-4a0581807657.tmp.node
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\ShadowFury\vulkan-1.dll
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\ShadowFury\libGLESv2.dll
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\nsis7z.dll
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\6f9c7dcb-c5ec-4d75-b81c-93e1fcff8c95.tmp.node
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\65009a31-e18f-4331-be2b-a374113ace84.tmp.node
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\ShadowFury.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\System.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7292Thread sleep count: 3101 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7360Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7292Thread sleep count: 379 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7332Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7256Thread sleep count: 2725 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7364Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7176Thread sleep count: 411 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7312Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7308Thread sleep count: 1246 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7368Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7344Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8060Thread sleep count: 3060 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1284Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8068Thread sleep count: 324 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 412Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8112Thread sleep count: 3083 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5888Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8112Thread sleep count: 218 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8184Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8164Thread sleep count: 935 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2496Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1548Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\ShadowFury.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeFile Volume queried: C:\Users\user\AppData\Local\Programs\ShadowFury FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeFile Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeFile Volume queried: C:\Users\user FullSizeInformation
Source: C:\Users\user\Desktop\ShadowFury.exeFile opened: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
Source: C:\Users\user\Desktop\ShadowFury.exeFile opened: C:\Users\user
Source: C:\Users\user\Desktop\ShadowFury.exeFile opened: C:\Users\user\AppData\Local\Programs\ShadowFury
Source: C:\Users\user\Desktop\ShadowFury.exeFile opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\ShadowFury.exeFile opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\ShadowFury.exeFile opened: C:\Users\user\AppData\Local\Programs
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Virtual Webcam
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (lines.indexOf('VRTUAL') >= 0 || lines.indexOf('A M I ') >= 0 || lines.indexOf('VirtualBox') >= 0 || lines.indexOf('VMWare') >= 0 || lines.indexOf('Xen') >= 0 || lines.indexOf('Parallels') >= 0) {
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: result.virtualHost = 'Hyper-V';
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: const stdout = execSync('dmesg 2>/dev/null | grep -iE "virtual|hypervisor" | grep -iE "vmware|qemu|kvm|xen" | grep -viE "Nested Virtualization|/virtual/"');
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (str.indexOf('tcg') >= 0) { result = 'QEMU'; }
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (lines.indexOf('VMware') >= 0 && !result.virtualHost) {
Source: ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Virtual WebcamMedia.VideoCapture.BlacklistedDeviceGoogle Camera AdapterIP Camera [JPEG/MJPEG]CyberLink Webcam SplitterEpocCamWebcamMax..\..\media\capture\video\video_capture_metrics.ccDevice supports Media.VideoCapture.Device.SupportedPixelFormatMedia.VideoCapture.Device.SupportedResolution
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: case 'vmware':
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (stdout.toString().toLowerCase().indexOf('vmware') >= 0 && !result.virtualHost) {
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (model.startsWith('vmware')) { result.virtualHost = 'VMware'; }
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (str.indexOf('qemu') >= 0) { result = 'QEMU'; }
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (manufacturer.startsWith('vmware') || manufacturer.startsWith('qemu') || manufacturer === 'xen' || manufacturer.startsWith('parallels')) {
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (manufacturer.startsWith('qemu')) { result.virtualHost = 'KVM'; }
Source: ShadowFury.exe, 00000000.00000003.1987405093.0000000005025000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (manufacturer.startsWith('vmware')) { result.virtualHost = 'VMware'; }
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) || (IsAndroid() && IsMaliT8xxOrOlder(functions)) || (IsAndroid() && IsMaliG31OrOlder(functions))
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: result.virtualHost = 'VMware';
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (model === 'virtualbox' || model === 'kvm' || model === 'virtual machine' || model === 'bochs' || model.startsWith('vmware') || model.startsWith('qemu') || model.startsWith('parallels')) {
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (stdout.toString().toLowerCase().indexOf('qemu') >= 0 && !result.virtualHost) {
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (result.model.toLowerCase() === 'virtualbox' || result.model.toLowerCase() === 'kvm' || result.model.toLowerCase() === 'virtual machine' || result.model.toLowerCase() === 'bochs' || result.model.toLowerCase().startsWith('vmware') || result.model.toLowerCase().startsWith('droplet')) {
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (model.startsWith('qemu')) { result.virtualHost = 'KVM'; }
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (result.manufacturer.toLowerCase().startsWith('vmware') || result.manufacturer.toLowerCase() === 'xen') {
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: result.virtualHost = 'QEMU';
Source: ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: IIAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTest
Source: ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (str.indexOf('vmware') >= 0) { result = 'VMware'; }
Source: ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: if (disksById.indexOf('_QEMU_') >= 0) {
Source: ShadowFury.exe, 00000000.00000003.1987405093.0000000005025000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Screen Codec / VMware Video
Source: C:\Users\user\Desktop\ShadowFury.exeProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeMemory allocated: page read and write | page guard
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeProcess created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeProcess created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --mojo-platform-channel-handle=2136 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeProcess created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\chcp.com chcp
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --mojo-platform-channel-handle=2164 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\findstr.exe findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Process created: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe "c:\users\user\appdata\local\programs\shadowfury\shadowfury.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="c:\users\user\appdata\roaming\shadowfury" --gpu-preferences=uaaaaaaaaadoaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaacqaaaaaaaaaaaaaaaaaaaaaaaaabgaaaaaaaaagaaaaaaaaaaiaaaaaaaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1444 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ..\..\third_party\webrtc\modules\desktop_capture\win\window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_ProgmanWindowsDeleteStringWindowsCreateString
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Queries volume information: C:\Users VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Queries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Queries volume information: C:\Users\user\AppData\Local VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Queries volume information: C:\Users\user\AppData\Local\Programs\ShadowFury VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Queries volume information: C:\Users\user\AppData\Local\Programs\ShadowFury\resources VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Queries volume information: C:\Users\user\AppData\Local\Programs\ShadowFury\resources\app.asar VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Queries volume information: C:\Windows\SysWOW64\cmd.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeQueries volume information: C:\Users\user\AppData\Local VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeQueries volume information: C:\Users\user\AppData\Local\Programs\ShadowFury VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeQueries volume information: C:\Windows\SysWOW64\cmd.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe File attributes queried: C:\Users\user\AppData\Local\Discord
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe File attributes queried: C:\Users\user\AppData\Local\DiscordCanary
Source: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe File attributes queried: C:\Users\user\AppData\Local\DiscordPTB
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Windows Service | 1 Windows Service | 11 Masquerading | 11 Input Capture | 11 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 2 Registry Run Keys / Startup Folder | 12 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Input Capture | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 2 Registry Run Keys / Startup Folder | 131 Virtualization/Sandbox Evasion | Security Account Manager | 131 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 12 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 33 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph: ID 1430162, Sample: ShadowFury.exe, Start date: 23/04/2024, Architecture: WINDOWS, Score: 68]

Source | Detection | Scanner | Label | Link
ShadowFury.exe | 0% | Virustotal | | Browse
ShadowFury.exe | 0% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe | 3% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\ShadowFury\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\ShadowFury\ffmpeg.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\ShadowFury\libEGL.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\ShadowFury\libEGL.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\ShadowFury\libGLESv2.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\ShadowFury\libGLESv2.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\ShadowFury\vk_swiftshader.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\ShadowFury\vk_swiftshader.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\ShadowFury\vulkan-1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\ShadowFury\vulkan-1.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\65009a31-e18f-4331-be2b-a374113ace84.tmp.node | 8% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\6f9c7dcb-c5ec-4d75-b81c-93e1fcff8c95.tmp.node | 5% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\c72e6d37-050a-4632-91c0-63b85d93d972.tmp.node | 8% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\ece2b052-aa6a-477b-a28f-4a0581807657.tmp.node | 5% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\ShadowFury.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\ShadowFury.exe | 3% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\d3dcompiler_47.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\ffmpeg.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\libEGL.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\libEGL.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\libGLESv2.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsqECAB.tmp\7z-out\libGLESv2.dll | 0% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
chrome.cloudflare-dns.com | 0% | Virustotal | | Browse
illitluckygirl.com | 10% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | unknown
ipinfo.io | 34.117.186.192 | true | false | | high
illitluckygirl.com | unknown | unknown | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                    https://github.com/nodejs/node/pull/33661ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://www.nongnu.org/freebangfont/downloads.html#muktiShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://crbug.com/710443ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        http://narwhaljs.org)ShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          low
                                                                                          http://istanbul-js.org/ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpfalseunknown
                                                                                          https://github.com/tensorflow/tflite-supportShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://github.com/WICG/scheduling-apisShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://sqlite.org/ShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://crbug.com/1060012ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                http://localhosthttp://127.0.0.1object-srcShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  low
                                                                                                  https://code.google.com/p/chromium/issues/detail?id=25916ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://anglebug.com/3997ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    http://anglebug.com/4722ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    http://crbug.com/642605ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://fetch.spec.whatwg.org/#fetch-timing-infoShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://anglebug.com/1452ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://webassembly.github.io/spec/web-apiShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://github.com/electron/electron/issues/18397.ModuleShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://www.xfa.org/schema/xdc/ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpfalseunknown
                                                                                                        https://github.com/nodejs/node/pull/12607ShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.ecma-international.org/ecma-262/#sec-line-terminatorsShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://www.sqlite.org/ShadowFury.exe, 00000000.00000003.1884195439.0000000006830000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txtShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://crbug.com/650547callClearTwiceUsingShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://github.com/npm/node-tar/issues/183ShadowFury.exe, 00000000.00000003.1884452784.0000000006C30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://html4/loose.dtdShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    low
                                                                                                                    http://anglebug.com/3502ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://anglebug.com/3623ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://gitlab.freedesktop.org/xdg/xdgmimeShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://anglebug.com/3625ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://anglebug.com/3624ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://www.unicode.org/copyright.htmlShadowFury.exe, 00000000.00000003.1862439762.0000000005E20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://beacons.gcp.gvt2.com/domainreliability/uploadShadowFury.exe, 00000000.00000003.1983268209.000000000768F000.00000004.00001000.00020000.00000000.sdmpfalseunknown
                                                                                                                        http://anglebug.com/2894ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://anglebug.com/3862ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://anglebug.com/4836ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://issuetracker.google.com/issues/166475273ShadowFury.exe, 00000000.00000003.1892978701.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.ShadowFury.exe, 00000000.00000003.1983268209.0000000007537000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtomShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://github.com/w3c/webappsec-trusted-types/wiki/Trusted-Types-for-function-constructorShadowFury.exe, 00000000.00000003.1982753666.0000000006970000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://heycam.github.io/webidl/#es-iterable-entriesShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  https://github.com/wasdk/wasmparserShadowFury.exe, 00000000.00000003.1993745329.0000000005020000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://heycam.github.io/webidl/#es-interfacesShadowFury.exe, 00000000.00000003.1983017593.0000000006EB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    • URL Reputation: safe
                                                                                                                                    unknown
                                                                                                                                    http://www.xfa.org/schema/xfa-template/ShadowFury.exe, 00000004.00000000.2064453399.0000000007462000.00000002.00000001.01000000.0000000C.sdmpfalseunknown
                                                                                                                                    • No. of IPs < 25%
                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                    • 75% < No. of IPs
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 34.117.186.192 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false |
| 162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1430162
Start date and time: 2024-04-23 08:41:27 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 5s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 43
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ShadowFury.exe
Detection: MAL
Classification: mal68.spyw.evad.winEXE@59/132@35/2
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.251.40.163, 142.250.81.227
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
| Time | Type | Description |
|---|---|---|
| 07:42:56 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShadowFury.lnk |
| 08:42:41 | API Interceptor | 18x Sleep call for process: ShadowFury.exe modified |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
34.117.186.192 | SecuriteInfo.com.Win32.Evo-gen.24318.16217.exe | malicious | Unknown | ipinfo.io/json
34.117.186.192 | SecuriteInfo.com.Win32.Evo-gen.28489.31883.exe | malicious | Unknown | ipinfo.io/json
34.117.186.192 | Raptor.HardwareService.Setup 1.msi | malicious | Unknown | ipinfo.io/ip
34.117.186.192 | Conferma_Pdf_Editor.exe | malicious | Planet Stealer | ipinfo.io/
34.117.186.192 | Conferma_Pdf_Editor.exe | malicious | Planet Stealer | ipinfo.io/
34.117.186.192 | w.sh | malicious | Xmrig | /ip
34.117.186.192 | Raptor.HardwareService.Setup_2.3.6.0.msi | malicious | Unknown | ipinfo.io/ip
34.117.186.192 | Raptor.HardwareService.Setup_2.3.6.0.msi | malicious | Unknown | ipinfo.io/ip
34.117.186.192 | uUsgzQ3DoW.exe | malicious | RedLine | ipinfo.io/ip
34.117.186.192 | 8BZBgbeCcz.exe | malicious | RedLine | ipinfo.io/ip
162.159.61.3 | Sonic-Glyder.exe | malicious | Stealit |
162.159.61.3 | SenPalia.exe | malicious | Unknown |
162.159.61.3 | Sonic-Glyder.exe | malicious | Stealit |
162.159.61.3 | SenPalia.exe | malicious | Unknown |
162.159.61.3 | UnderWars.exe | malicious | Unknown |
162.159.61.3 | SenPalia.exe | malicious | Unknown |
162.159.61.3 | SenPalia.exe | malicious | Unknown |
162.159.61.3 | ppop_verification_request.zip | malicious | Unknown |
162.159.61.3 | EpsilonFruit.exe | malicious | Pafish |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
chrome.cloudflare-dns.com | Sonic-Glyder.exe | malicious | Stealit | 162.159.61.3
chrome.cloudflare-dns.com | SenPalia.exe | malicious | Unknown | 172.64.41.3
chrome.cloudflare-dns.com | UnderWars.exe | malicious | Unknown | 172.64.41.3
chrome.cloudflare-dns.com | Sonic-Glyder.exe | malicious | Stealit | 162.159.61.3
chrome.cloudflare-dns.com | SenPalia.exe | malicious | Unknown | 162.159.61.3
chrome.cloudflare-dns.com | UnderWars.exe | malicious | Unknown | 162.159.61.3
chrome.cloudflare-dns.com | https://edbullardcompany-my.sharepoint.com/:f:/g/personal/eric_rosario_bullard_com/EoLKvcaqSE1Go3fA5to5CQABtxAftKTD0ktrakp7rbi4Xg?e=Mvbf0D | malicious | HTMLPhisher | 172.64.41.3
chrome.cloudflare-dns.com | SenPalia.exe | malicious | Unknown | 172.64.41.3
chrome.cloudflare-dns.com | SenPalia.exe | malicious | Unknown | 162.159.61.3
ipinfo.io | SOLkM5sa4R.exe | malicious | Phemedrone Stealer | 34.117.186.192
ipinfo.io | xOiio3LmAO.exe | malicious | Phemedrone Stealer | 34.117.186.192
ipinfo.io | SOLkM5sa4R.exe | malicious | Phemedrone Stealer | 34.117.186.192
ipinfo.io | ygm2mXUReY.exe | malicious | RisePro Stealer | 34.117.186.192
ipinfo.io | file.exe | malicious | RisePro Stealer | 34.117.186.192
ipinfo.io | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 34.117.186.192
ipinfo.io | Dj43d18ukx.exe | malicious | DCRat | 34.117.186.192
ipinfo.io | SenPalia.exe | malicious | Unknown | 34.117.186.192
ipinfo.io | UnderWars.exe | malicious | Unknown | 34.117.186.192

Match | Associated Sample Name / URL | Detection | Threat Name | Context
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | nagateliteqfUK.exe | malicious | AZORult++ | 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | c3nBx2HQG2.exe | malicious | Glupteba, Mars Stealer, Phorpiex, PureLog Stealer, Stealc, Vidar, zgRAT | 34.117.186.192
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | SOLkM5sa4R.exe | malicious | Phemedrone Stealer | 34.117.186.192
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | xOiio3LmAO.exe | malicious | Phemedrone Stealer | 34.117.186.192
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | SOLkM5sa4R.exe | malicious | Phemedrone Stealer | 34.117.186.192
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | ygm2mXUReY.exe | malicious | RisePro Stealer | 34.117.186.192
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | RisePro Stealer | 34.117.186.192
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 34.117.186.192
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | Dj43d18ukx.exe | malicious | DCRat | 34.117.186.192
CLOUDFLARENETUS | anuwhqTXGt.dll | malicious | Unknown | 104.21.45.11
CLOUDFLARENETUS | Urgent PO 18-3081 Confirmation.exe | malicious | AgentTesla | 172.67.74.152
CLOUDFLARENETUS | Gam.xls | malicious | Unknown | 172.67.180.182
CLOUDFLARENETUS | Quotation.xls | malicious | Remcos | 172.67.206.230
CLOUDFLARENETUS | Invoice.doc | malicious | Unknown | 172.67.175.222
CLOUDFLARENETUS | 171385176494b902dcff1b37e29676f3c17c0cb0090fe4b0a33f3f6a97431f2344b56a8ec2497.dat-decoded.exe | malicious | AgentTesla | 104.26.12.205
CLOUDFLARENETUS | Gam.xls | malicious | Unknown | 172.67.180.182
CLOUDFLARENETUS | PO No. 2430800015.exe | malicious | AgentTesla | 104.26.13.205
CLOUDFLARENETUS | Texas_Tool_Purchase_Order#T18834-1.vbs | malicious | AgentTesla, GuLoader | 104.26.13.205
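
No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll | SenPalia.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll | UnderWars.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll | SenPalia.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll | UnderWars.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll | SenPalia.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll | SenPalia.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll | SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll | SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe | malicious | Unknown |
C:\Users\user\AppData\Local\Programs\ShadowFury\d3dcompiler_47.dll | nsis-installer.exe | malicious | Unknown |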

Process: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
File Type: data
Category: dropped
Size (bytes): 65552
Entropy (8bit): 0.01271010969945183
Encrypted: false
SSDEEP: 3:n19/lGlll/l/lXp9ZjrPBY0GlMlltesUvlt/ZP:D/0dPBY0yM/gsU9D
MD5: 5A4FEF909E580A45C1DA03E44D5EB6B2
SHA1: C0AEEFD3AFEA312D5542BB8D58D2825038A769DB
SHA-256: 4326106B517CB2C4FBB68E189715F158547D77B3EBEEFEDDE79EA92338655714
SHA-512: 94D32F5606F1E9A73765F02F1D72F3E3B89FFABCF7CDE8606576420AA0591AEF99931C8974E70E6A5586C42352D34079E6483CBFE80D9A8DDBEC4865170BD9C7
Malicious: false

Process: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
File Type: ASCII text, with no line terminators
Category: modified
Size (bytes): 4
Entropy (8bit): 1.5
Encrypted: false
SSDEEP: 3:R:R
MD5: F49655F856ACB8884CC0ACE29216F511
SHA1: CB0F1F87EC0455EC349AAA950C600475AC7B7B6B
SHA-256: 7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
SHA-512: 599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8
Malicious: false
Preview: EERF

Process: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
File Type: Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.02779066036249742
Encrypted: false
SSDEEP: 6:i9q0sRKUEZ+lX1IbR3tU3KtU3H6tz2Hsqi:f1RKQ1Ib7U+Ui2i
MD5: F525329025C2DF16E4E1CDCD837D0A51
SHA1: 22A520A26C5826A851BFB42AA172BE470F42EEBA
SHA-256: DD3A8BD45D6317AC70D999C7C9A4639F969107367FA9B3859D10F91F7F2A96AB
SHA-512: EAAE5DA2B0E379A04D5691AFB2CE157695613BFD9C1D3CDB3E42C3DB43F759622521ABDA031AFBC29DEDE0A45136BB3C2430D2AC30D527514A398ECF4C41C0C3
Malicious: false

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: modified
Size (bytes): 2172
Entropy (8bit): 5.232442309969644
Encrypted: false
SSDEEP: 48:wzYNSU4y4RQmFoUeWmfmZ9tK8NPQbHxqucUku1lflrBDX:wkkHyIFKL3OZ2K4KUNrBb
MD5: C15F0B1717AC3779F4AD7B904E6838BB
SHA1: C51C13F70F8E7B07602AB47899A318DE46DE844F
SHA-256: F4711DB765555534AD1FB8535C13FA72A167F7DE765682AA3E46F5652C5137C8
SHA-512: 529CB206661F5DE72235537472D3775CE9360ACF5E0BC34E510EDB40838F487A34C9F01C8A2E5AC008D1832A45014A4BFD925A069557EC66DDA0516C34868D90
Malicious: false
                                                                                                                                                                        Preview:@...e.......................[.Z.Z.....|.*.......................X................$.....K.sG.<p..a.......Microsoft.Management.Infrastructure.CimCmdlets..H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerS
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):1096
                                                                                                                                                                        Entropy (8bit):5.13006727705212
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                        MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                        SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                        SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                        SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:HTML document, ASCII text
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):8312662
                                                                                                                                                                        Entropy (8bit):4.705814170451806
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
                                                                                                                                                                        MD5:312446EDF757F7E92AAD311F625CEF2A
                                                                                                                                                                        SHA1:91102D30D5ABCFA7B6EC732E3682FB9C77279BA3
                                                                                                                                                                        SHA-256:C2656201AC86438D062673771E33E44D6D5E97670C3160E0DE1CB0BD5FBBAE9B
                                                                                                                                                                        SHA-512:DCE01F2448A49A0E6F08BBDE6570F76A87DCC81179BB51D5E2642AD033EE81AE3996800363826A65485AB79085572BBACE51409AE7102ED1A12DF65018676333
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):138321408
                                                                                                                                                                        Entropy (8bit):6.983407133929919
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1572864:O4sMLl/BkZTVV2iplzf+ekzrMdTOG0AfhgojwlwVgmPQtn06H9rejAEdCoIZXCVG:nl/BkVVPBDgmPKa5Wnu3X7
                                                                                                                                                                        MD5:40C4CD50211B681DD8FB792E61C1528A
                                                                                                                                                                        SHA1:D9A5697C55DE20ECE15E8123A97F9987ED519D5C
                                                                                                                                                                        SHA-256:BB0410610F2B6148F5A2D7995059264ACA1F92CBC7F636ACEF259CAD6162679B
                                                                                                                                                                        SHA-512:6E9CD99FEE28A0543AB09C993942EF1498F1AB46CD056B178FC4BD903B5FAEDA1BC96A3E1A93658794E5851C8B60C3C89AB54A424CA8FFABA03CF40CD4BDA9E7
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 3%, Browse
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):127125
                                                                                                                                                                        Entropy (8bit):7.915612661029362
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:vlKzwqCT4wDNzIwL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:vlKzwt4uEgK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                        MD5:ACD0FA0A90B43CD1C87A55A991B4FAC3
                                                                                                                                                                        SHA1:17B84E8D24DA12501105B87452F86BFA5F9B1B3C
                                                                                                                                                                        SHA-256:CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
                                                                                                                                                                        SHA-512:3E4C4F31C6C7950D5B886F6A8768077331A8F880D70B905CF7F35F74BE204C63200FF4A88FA236ABCCC72EC0FC102C14F50DD277A30F814F35ADFE5A7AE3B774
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):177406
                                                                                                                                                                        Entropy (8bit):7.939611912805236
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:4DQYaEQN6AJPKNzIwafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/rIM0:4DQYaNN68QEVgx5GMRejnbdZnVE6YopY
                                                                                                                                                                        MD5:4610337E3332B7E65B73A6EA738B47DF
                                                                                                                                                                        SHA1:8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B
                                                                                                                                                                        SHA-256:C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
                                                                                                                                                                        SHA-512:039B50284D28DCD447E0A486A099FA99914D29B543093CCCDA77BBEFDD61F7B7F05BB84B2708AE128C5F2D0C0AB19046D08796D1B5A1CFF395A0689AB25CCB51
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):4127200
                                                                                                                                                                        Entropy (8bit):6.577665867424953
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:49152:OS7PQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeAD36FqxLfeIgSNwLTzHiU2Ir:O4PhqqFVUsLQl6FqVCLTzHxJIMd
                                                                                                                                                                        MD5:3B4647BCB9FEB591C2C05D1A606ED988
                                                                                                                                                                        SHA1:B42C59F96FB069FD49009DFD94550A7764E6C97C
                                                                                                                                                                        SHA-256:35773C397036B368C1E75D4E0D62C36D98139EBE74E42C1FF7BE71C6B5A19FD7
                                                                                                                                                                        SHA-512:00CD443B36F53985212AC43B44F56C18BF70E25119BBF9C59D05E2358FF45254B957F1EC63FC70FB57B1726FD8F76CCFAD8103C67454B817A4F183F9122E3F50
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                        • Filename: SenPalia.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: UnderWars.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: nsis-installer.exe, Detection: malicious, Browse
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):2577408
                                                                                                                                                                        Entropy (8bit):6.874677747990032
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:49152:YKM7YWN1tYNFKtJPP5f+8xH6UahvIxi9xrBYHZU7ewdCUQFdqQi9muA:YKM7YWNT2Kt9QoaUalEi9xqZ29dA
                                                                                                                                                                        MD5:1BB0E1140EF08440AD47D80B70DBF742
                                                                                                                                                                        SHA1:C2E4243BAD76B465B5AB39865AC023DB1632D6B0
                                                                                                                                                                        SHA-256:C0D9EDDE3864D9450744F4BC526A98608B629AEED01C6647F600802E1B1CF671
                                                                                                                                                                        SHA-512:29D71E3BD7DF7014A03E26CA6EE5B59FF6E3D06096742FAE5DEC6282ABD1F0D2F24C886A503E3A691D38CC68E0DA504A7F657DCEC4758B640A1A523D3EEAA57A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):10542048
                                                                                                                                                                        Entropy (8bit):6.277141340322909
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:98304:OKPBQYOo+ddlymOk25flQCUliXUxiG9Ha93Whla6ZGdnp/8k:OKPBhORjOhCliXUxiG9Ha93Whla6ZGrn
                                                                                                                                                                        MD5:D89CE8C00659D8E5D408C696EE087CE3
                                                                                                                                                                        SHA1:49FC8109960BE3BB32C06C3D1256CB66DDED19A8
                                                                                                                                                                        SHA-256:9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
                                                                                                                                                                        SHA-512:DB097CE3EB9E132D0444DF79B167A7DCB2DF31EFFBBD3DF72DA3D24AE2230CC5213C6DF5E575985A9918FBD0A6576E335B6EBC12B6258BC93FA205399DE64C37
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .Q....B.......B...#...B.. $...B..p$...B...$...B...%...B..`P...C...P...C...Q..(C......<C.....OC......bC..@...uC.......C..P....C.......C.......C..p....C.. ....C.......C.......D..p... D.....3D..0...FD.....YD.....lD.......D......D..0....D.......D..p....D......D..@....D.......E......E..@...*E.....=E..P...NE......bE.....rE..@....E.......E.......E..P....E.......E......E..@....F.......F.....'F..0...7F..P...JF......aF......qF...G...F.. H...F..`K...F...K...F...L...F...-...F...c...G....'.'G....'.>G..@.'.UG..0.'.oG....'..G...!'..G...!'..G..P&'..G...)'..G..@*'..H..`.(..H...e).7H..0.).VH...)*.xH....*..H....*..H...P+..H...Y+..H...Z+..I...]+. I..`^+.9I.. .+.UI....+.lI....+..I..P.-..I...=...I.......I.......I.. ....J..p....J......-J..p...EJ......ZJ......rJ..`....J..@....J.......J.......J..0....J.......J.......J..0....K..@....K..../.2K...,/.GK..../.\K..
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):380416
                                                                                                                                                                        Entropy (8bit):6.587105864412105
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:6FVfk760MmXXwvT3WpVgvpqwm9SPECshBZeD6EHh:267rjnpVgvpqwm93rIW
                                                                                                                                                                        MD5:E0A5D1A5D55DFFB55513ACB736CEF1C1
                                                                                                                                                                        SHA1:307FC023790AF5BF3D45678DE985E8E9F34896F7
                                                                                                                                                                        SHA-256:AA5DA4005C76CFE5195B69282B2AD249D7DC2300BBC979592BD67315FC30C669
                                                                                                                                                                        SHA-512:094E23869FD42C60F83E0F4D1A2CD1A29D2EFD805AC02A01CE9700B8E7B0E39E52FE86503264A0298C85F0D02B38620F1E773F2EA981F3049AEBA3104B04253F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!.....h...b...............................................@............@A........................0;......FI..(.......x.......................P@..@........................-.......................J..`............................text....f.......h.................. ..`.rdata...............l..............@..@.data...d3...........f..............@....00cfg..............................@..@.tls................................@....rsrc...x...........................@..@.reloc..P@.......B..................@..B................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):6685696
                                                                                                                                                                        Entropy (8bit):6.815311523896318
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:98304:ZHYQkvdLN+UNQR14/hr5njmwSNDBVO0Bz7arD+0t1t0zA5Lgs2+A1tCw:itvwq/hr5jmwSVBJBz7arQA+sq1tC
                                                                                                                                                                        MD5:44F7C21B6010048E0DCDC43D83EBD357
                                                                                                                                                                        SHA1:D0A4DFD8DBAE1A8421C3043315D78ECD84502B16
                                                                                                                                                                        SHA-256:F6259A9B9C284EE5916447DD9D0BA051C2908C9D3662D42D8BBE6CE6D65A37DE
                                                                                                                                                                        SHA-512:7E03538DD8E798D0E808A8FC6E149E83DE9F8404E839900F6C9535DA6AAC8EF4D5C31044E547DDE34DCECE1255FAB9A9255FA069A99FCB08E49785D812B3887C
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...)<#d.........."!......M.........`<C.......................................f...........@A..........................^.....r._.d.....b.......................b.t...,0^....................../^.....P.N..............._.8....^.@....................text...J.M.......M................. ..`.rdata..<.....N.......M.............@..@.data...<....._..(...._.............@....00cfg.......pb.......a.............@..@.tls..........b.......a.............@....rsrc.........b.......a.............@..@.reloc..t.....b.......a.............@..B................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):377708
                                                                                                                                                                        Entropy (8bit):5.4079285675542845
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd
                                                                                                                                                                        MD5:7E51349EDC7E6AED122BFA00970FAB80
                                                                                                                                                                        SHA1:EB6DF68501ECCE2090E1AF5837B5F15AC3A775EB
                                                                                                                                                                        SHA-256:F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
                                                                                                                                                                        SHA-512:69DA19053EB95EEF7AB2A2D3F52CA765777BDF976E5862E8CEBBAA1D1CE84A7743F50695A3E82A296B2F610475ABB256844B6B9EB7A23A60B4A9FC4EAE40346D
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):613642
                                                                                                                                                                        Entropy (8bit):4.894733266944232
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:b3pIuPzq8xSTwO8sgjZz5E9VJAVtnuviQix30jH8+I:b3plq8xLO8zjZz5E9VJAVtSiQO
                                                                                                                                                                        MD5:2009647C3E7AED2C4C6577EE4C546E19
                                                                                                                                                                        SHA1:E2BBACF95EC3695DAAE34835A8095F19A782CBCF
                                                                                                                                                                        SHA-256:6D61E5189438F3728F082AD6F694060D7EE8E571DF71240DFD5B77045A62954E
                                                                                                                                                                        SHA-512:996474D73191F2D550C516ED7526C9E2828E2853FCFBE87CA69D8B1242EB0DEDF04030BBCA3E93236BBD967D39DE7F9477C73753AF263816FAF7D4371F363BA3
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):671738
                                                                                                                                                                        Entropy (8bit):4.903433286644294
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:gjptqBycpX8vYULIrmhkH+P5NNb++YTzgpPMgSENeX:BB2um5S++
                                                                                                                                                                        MD5:47A6D10B4112509852D4794229C0A03B
                                                                                                                                                                        SHA1:2FB49A0B07FBDF8D4CE51A7B5A7F711F47A34951
                                                                                                                                                                        SHA-256:857FE3AB766B60A8D82B7B6043137E3A7D9F5CFB8DDD942316452838C67D0495
                                                                                                                                                                        SHA-512:5F5B280261195B8894EFAE9DF2BECE41C6C6A72199D65BA633C30D50A579F95FA04916A30DB77831F517B22449196D364D6F70D10D6C5B435814184B3BCF1667
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):701716
                                                                                                                                                                        Entropy (8bit):4.66095894344634
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:7Od6KqVw2iILlY+dAs1aQUfjoaVV4FH2mFxvx35uKN3CuKb7szmV2Jfu64K+z5jG:KsKqJi6lY+dAs1aQU7yZx35uK4XQzQI9
                                                                                                                                                                        MD5:A19269683A6347E07C55325B9ECC03A4
                                                                                                                                                                        SHA1:D42989DAF1C11FCFFF0978A4FB18F55EC71630EC
                                                                                                                                                                        SHA-256:AD65351A240205E881EF5C4CF30AD1BC6B6E04414343583597086B62D48D8A24
                                                                                                                                                                        SHA-512:1660E487DF3F3F4EC1CEA81C73DCA0AB86AAF121252FBD54C7AC091A43D60E1AFD08535B082EFD7387C12616672E78AA52DDDFCA01F833ABEF244284482F2C76
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):904943
                                                                                                                                                                        Entropy (8bit):4.273773274227575
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:wqf22AwWk+ADszaaH0PaMadiMNKVbVtQW01jilDouMGsW2uMBVr+9RU4yVS5PMxq:1zW/AMfafVoCp8YbkJBbdJ2DB5y0XlRB
                                                                                                                                                                        MD5:5CDD07FA357C846771058C2DB67EB13B
                                                                                                                                                                        SHA1:DEB87FC5C13DA03BE86F67526C44F144CC65F6F6
                                                                                                                                                                        SHA-256:01C830B0007B8CE6ACA46E26D812947C3DF818927B826F7D8C5FFD0008A32384
                                                                                                                                                                        SHA-512:2AC29A3AA3278BD9A8FE1BA28E87941F719B14FBF8B52E0B7DC9D66603C9C147B9496BF7BE4D9E3AA0231C024694EF102DCC094C80C42BE5D68D3894C488098C
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):426906
                                                                                                                                                                        Entropy (8bit):5.400864409916039
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:+XnGrijIs3cSlFEYLCJBB43nbhjJSwmrwiwWzM1ldLbpuQ16BtryBBwIle3nei3X:iNV4ossMNu51hnW5CptA
                                                                                                                                                                        MD5:D259469E94F2ADF54380195555154518
                                                                                                                                                                        SHA1:D69060BBE8E765CA4DC1F7D7C04C3C53C44B8AB5
                                                                                                                                                                        SHA-256:F98B7442BEFC285398A5DD6A96740CBA31D2F5AADADD4D5551A05712D693029B
                                                                                                                                                                        SHA-512:D0BD0201ACF4F7DAA84E89AA484A3DEC7B6A942C3115486716593213BE548657AD702EF2BC1D3D95A4A56B0F6E7C33D5375F41D6A863E4CE528F2BD6A318240E
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):5245458
                                                                                                                                                                        Entropy (8bit):7.995476669559971
                                                                                                                                                                        Encrypted:true
                                                                                                                                                                        SSDEEP:98304:HLYxfQVcnNWz49PDq2AwpmqdhBh1Dd42cjrwrbHw4o0DPelwG3RC:H0pQGcMButuBhpd4jkrU4oeelrRC
                                                                                                                                                                        MD5:7D5065ECBA284ED704040FCA1C821922
                                                                                                                                                                        SHA1:095FCC890154A52AD1998B4B1E318F99B3E5D6B8
                                                                                                                                                                        SHA-256:A10C3D236246E001CB9D434A65FC3E8AA7ACDDDDD9608008DB5C5C73DEE0BA1F
                                                                                                                                                                        SHA-512:521B2266E3257ADAA775014F77B0D512FF91B087C2572359D68FFE633B57A423227E3D5AF8EE4494538F1D09AA45FFA1FE8E979814178512C37F7088DDD7995D
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):220112
                                                                                                                                                                        Entropy (8bit):3.855980291560132
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:PCwB4XM5LZsfo0p7SnaCCz3wqTYLmN6hdSajAvDGc/dH4WBlkwHvwi0UQn1nWIa3:KwNsf5PBt
                                                                                                                                                                        MD5:916127734BC7C5B0DB478191A37FC19A
                                                                                                                                                                        SHA1:F9D868C2578F14513FCB95E109AEC795C98DBBA3
                                                                                                                                                                        SHA-256:E19ED7FB96E19BB5BFE791DF03561D654EA5D52021C3403A2652F439A8D77801
                                                                                                                                                                        SHA-512:D291B26568572D5777B036577DDF30C1B6C6C41E9D53EF2D8AF735DB001EA5C568371F3907FBFFC02FEEE628F0F29AFB718AE5DEB32FF245A37947A7B1B9C297
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):523336
                                                                                                                                                                        Entropy (8bit):5.1733870178138
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:51ZU4IFZ/X+KBIViMMg8zYOK8B4UnK83ItBaUHK:nZaZ/OiY2BnrUAF
                                                                                                                                                                        MD5:4F4D00247758C684C295243DDEDD2948
                                                                                                                                                                        SHA1:F8E8FC6C22FDE9DF1D60C329E38B38A85F96BB69
                                                                                                                                                                        SHA-256:4EA84C4465EEA20B46E6DED30F711F1E0D61E15574D861B0210819ABD5E895E5
                                                                                                                                                                        SHA-512:2C335672979114BD68FF6F1B1B94235FBF072FE8642CAD1F7D61855B92741F0633FA0CCB77CD520BE560DB2D3AC75F9BE08E22806487BF5D3045781E3903AD45
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):4691456
                                                                                                                                                                        Entropy (8bit):6.674054781171017
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:98304:x2GmsucG1vUTM3SFhCrHglx7LQDCwchuW6ugI:cuuF4XhCGLQDCaI
                                                                                                                                                                        MD5:65A5705D95A0820740B3396851FF1751
                                                                                                                                                                        SHA1:A692A80BAFC41BA1B29EF19890F8465B3FB20DCB
                                                                                                                                                                        SHA-256:4C4B935CBB320033F504A89B1EB0A4BCB176BBD46A5981153CB1F54DEB146A1C
                                                                                                                                                                        SHA-512:0C5DF23B96EAF952C4A498FF6D854DF2B62E7631B16C2855ED37DDBADFFBA3DD52E7450F2E06CF094BEC2E0D70D14C87A652150766D90EC8662E03123DF5942D
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106
                                                                                                                                                                        Entropy (8bit):4.724752649036734
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                        MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                        SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                        SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                        SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):804864
                                                                                                                                                                        Entropy (8bit):6.7728821881501
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:cJObHhG7TEnCGlrpZpjL4TB46Z5WODYsHh6g3P0zAk722:c0c7TECgpZpju46Z5WODYsHh6g3P0zA+
                                                                                                                                                                        MD5:A947C5D8FEC95A0F24B4143CED301209
                                                                                                                                                                        SHA1:EBF3089985377A58B8431A14E22A814857287AAF
                                                                                                                                                                        SHA-256:29CB256921A1B0F222C82650469D534CCDF038D1F395B3AAA9F1086918F5D3FA
                                                                                                                                                                        SHA-512:75F5E055F4422B5558FC1CB3EA84FB7CBEAAE6F71C786CC06C295D4AB51C0B1C84E28A7C89FE544F007DBE8E612BED4059139F1575934FE4BAC8E538C674EBD3
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):97792
                                                                                                                                                                        Entropy (8bit):6.296434347136517
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:8Z7jVavjhGcYS3/OHs+6Lzmg1KWMwrBs8WF8/ZXdPKynsW7cdRYIq1EBZQctGX:8ravjhGcYSPl+6LX1KWB/LShRYyBukGX
                                                                                                                                                                        MD5:C5CB988E34DA7D6AABA113C2565224BD
                                                                                                                                                                        SHA1:FC15F35453A6B483C20402BD7CA0040EB0096D0B
                                                                                                                                                                        SHA-256:C376F270E702F71BAC0BCC4982031E99379728F748468C9B09C0C1B31D93FA08
                                                                                                                                                                        SHA-512:FED34CF2DDBB50319520067E0A960619D1B2A3DB29D4D47484ED271B3EDDC1F98AAD292A3FFC67AC6B94118BCC0D0944E23F37799CA9AEC3F852983A5C596CB1
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):1596416
                                                                                                                                                                        Entropy (8bit):6.7441818559216
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:WNZHyYJJhiA2bn2FBR4ynyowTFasl6UULOumD16klKFDRpvO4ZeXQlkuev2AFSH:UZT32b6tC14FDRpvOMevFS
                                                                                                                                                                        MD5:38B06A59C62C0AE0697CA7CA9D038FAA
                                                                                                                                                                        SHA1:5B0F8B212D3810E5A11EF3C8DB5CB608FE09F037
                                                                                                                                                                        SHA-256:DA32EED100DB13A4604149F70E3D04190183A83EF0737CEC69E2A9BFB6108E4D
                                                                                                                                                                        SHA-512:8DD4BD26AC711925AC7BE8ED6AA8CD8DA5E503CC10D7F8A8DD78A9655420F511215A925BA902370C9B5BE0515CE38C68A5650DE0136279FEFBB12080CEDB273E
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................|......./H...../H...../H.............!...K......Kq.....K.....Rich...........................PE..L....l%f...........!...'.....~...........................................................@..................................r..(..................................`*..p...........................0...@....................h..@....................text............................... ..`.rdata..j}.......~..................@..@.data....<.......0...j..............@....rsrc...............................@..@.reloc.............................@..B................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):97792
                                                                                                                                                                        Entropy (8bit):6.296434347136517
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:8Z7jVavjhGcYS3/OHs+6Lzmg1KWMwrBs8WF8/ZXdPKynsW7cdRYIq1EBZQctGX:8ravjhGcYSPl+6LX1KWB/LShRYyBukGX
                                                                                                                                                                        MD5:C5CB988E34DA7D6AABA113C2565224BD
                                                                                                                                                                        SHA1:FC15F35453A6B483C20402BD7CA0040EB0096D0B
                                                                                                                                                                        SHA-256:C376F270E702F71BAC0BCC4982031E99379728F748468C9B09C0C1B31D93FA08
                                                                                                                                                                        SHA-512:FED34CF2DDBB50319520067E0A960619D1B2A3DB29D4D47484ED271B3EDDC1F98AAD292A3FFC67AC6B94118BCC0D0944E23F37799CA9AEC3F852983A5C596CB1
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........b..1..1..1...0..1...0n..1...0...1$'.1..1$'.0...1$'.0...1$'.0...1...0..1..1...1.$.0..1.$.1..1.$.0..1Rich..1........PE..L....l%f...........!...'.............<....................................................@..................................g..<....................................Q..p............................L..@...............,...(b..@....................text...o........................... ..`.rdata..tn.......p..................@..@.data...P....p.......\..............@....rsrc................h..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):1596416
                                                                                                                                                                        Entropy (8bit):6.7441818559216
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:WNZHyYJJhiA2bn2FBR4ynyowTFasl6UULOumD16klKFDRpvO4ZeXQlkuev2AFSH:UZT32b6tC14FDRpvOMevFS
                                                                                                                                                                        MD5:38B06A59C62C0AE0697CA7CA9D038FAA
                                                                                                                                                                        SHA1:5B0F8B212D3810E5A11EF3C8DB5CB608FE09F037
                                                                                                                                                                        SHA-256:DA32EED100DB13A4604149F70E3D04190183A83EF0737CEC69E2A9BFB6108E4D
                                                                                                                                                                        SHA-512:8DD4BD26AC711925AC7BE8ED6AA8CD8DA5E503CC10D7F8A8DD78A9655420F511215A925BA902370C9B5BE0515CE38C68A5650DE0136279FEFBB12080CEDB273E
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):1096
                                                                                                                                                                        Entropy (8bit):5.13006727705212
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                                                                                                                        MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                                                                                                                        SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                                                                                                                        SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                                                                                                                        SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:HTML document, ASCII text
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):8312662
                                                                                                                                                                        Entropy (8bit):4.705814170451806
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj
                                                                                                                                                                        MD5:312446EDF757F7E92AAD311F625CEF2A
                                                                                                                                                                        SHA1:91102D30D5ABCFA7B6EC732E3682FB9C77279BA3
                                                                                                                                                                        SHA-256:C2656201AC86438D062673771E33E44D6D5E97670C3160E0DE1CB0BD5FBBAE9B
                                                                                                                                                                        SHA-512:DCE01F2448A49A0E6F08BBDE6570F76A87DCC81179BB51D5E2642AD033EE81AE3996800363826A65485AB79085572BBACE51409AE7102ED1A12DF65018676333
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):138321408
                                                                                                                                                                        Entropy (8bit):6.983407133929919
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1572864:O4sMLl/BkZTVV2iplzf+ekzrMdTOG0AfhgojwlwVgmPQtn06H9rejAEdCoIZXCVG:nl/BkVVPBDgmPKa5Wnu3X7
                                                                                                                                                                        MD5:40C4CD50211B681DD8FB792E61C1528A
                                                                                                                                                                        SHA1:D9A5697C55DE20ECE15E8123A97F9987ED519D5C
                                                                                                                                                                        SHA-256:BB0410610F2B6148F5A2D7995059264ACA1F92CBC7F636ACEF259CAD6162679B
                                                                                                                                                                        SHA-512:6E9CD99FEE28A0543AB09C993942EF1498F1AB46CD056B178FC4BD903B5FAEDA1BC96A3E1A93658794E5851C8B60C3C89AB54A424CA8FFABA03CF40CD4BDA9E7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 3%, Browse
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):127125
                                                                                                                                                                        Entropy (8bit):7.915612661029362
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:vlKzwqCT4wDNzIwL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:vlKzwt4uEgK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                        MD5:ACD0FA0A90B43CD1C87A55A991B4FAC3
                                                                                                                                                                        SHA1:17B84E8D24DA12501105B87452F86BFA5F9B1B3C
                                                                                                                                                                        SHA-256:CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
                                                                                                                                                                        SHA-512:3E4C4F31C6C7950D5B886F6A8768077331A8F880D70B905CF7F35F74BE204C63200FF4A88FA236ABCCC72EC0FC102C14F50DD277A30F814F35ADFE5A7AE3B774
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):177406
                                                                                                                                                                        Entropy (8bit):7.939611912805236
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:4DQYaEQN6AJPKNzIwafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/rIM0:4DQYaNN68QEVgx5GMRejnbdZnVE6YopY
                                                                                                                                                                        MD5:4610337E3332B7E65B73A6EA738B47DF
                                                                                                                                                                        SHA1:8D824C9CF0A84AB902E8069A4DE9BF6C1A9AAF3B
                                                                                                                                                                        SHA-256:C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
                                                                                                                                                                        SHA-512:039B50284D28DCD447E0A486A099FA99914D29B543093CCCDA77BBEFDD61F7B7F05BB84B2708AE128C5F2D0C0AB19046D08796D1B5A1CFF395A0689AB25CCB51
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):4127200
                                                                                                                                                                        Entropy (8bit):6.577665867424953
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:49152:OS7PQ+besnXqRtHKzhwSsz6Ku1FVVOsLQuouM0MeAD36FqxLfeIgSNwLTzHiU2Ir:O4PhqqFVUsLQl6FqVCLTzHxJIMd
                                                                                                                                                                        MD5:3B4647BCB9FEB591C2C05D1A606ED988
                                                                                                                                                                        SHA1:B42C59F96FB069FD49009DFD94550A7764E6C97C
                                                                                                                                                                        SHA-256:35773C397036B368C1E75D4E0D62C36D98139EBE74E42C1FF7BE71C6B5A19FD7
                                                                                                                                                                        SHA-512:00CD443B36F53985212AC43B44F56C18BF70E25119BBF9C59D05E2358FF45254B957F1EC63FC70FB57B1726FD8F76CCFAD8103C67454B817A4F183F9122E3F50
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):2577408
                                                                                                                                                                        Entropy (8bit):6.874677747990032
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:49152:YKM7YWN1tYNFKtJPP5f+8xH6UahvIxi9xrBYHZU7ewdCUQFdqQi9muA:YKM7YWNT2Kt9QoaUalEi9xqZ29dA
                                                                                                                                                                        MD5:1BB0E1140EF08440AD47D80B70DBF742
                                                                                                                                                                        SHA1:C2E4243BAD76B465B5AB39865AC023DB1632D6B0
                                                                                                                                                                        SHA-256:C0D9EDDE3864D9450744F4BC526A98608B629AEED01C6647F600802E1B1CF671
                                                                                                                                                                        SHA-512:29D71E3BD7DF7014A03E26CA6EE5B59FF6E3D06096742FAE5DEC6282ABD1F0D2F24C886A503E3A691D38CC68E0DA504A7F657DCEC4758B640A1A523D3EEAA57A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):10542048
                                                                                                                                                                        Entropy (8bit):6.277141340322909
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:98304:OKPBQYOo+ddlymOk25flQCUliXUxiG9Ha93Whla6ZGdnp/8k:OKPBhORjOhCliXUxiG9Ha93Whla6ZGrn
                                                                                                                                                                        MD5:D89CE8C00659D8E5D408C696EE087CE3
                                                                                                                                                                        SHA1:49FC8109960BE3BB32C06C3D1256CB66DDED19A8
                                                                                                                                                                        SHA-256:9DFBE0DAD5C7021CFE8DF7F52458C422CBC5BE9E16FF33EC90665BB1E3F182DE
                                                                                                                                                                        SHA-512:DB097CE3EB9E132D0444DF79B167A7DCB2DF31EFFBBD3DF72DA3D24AE2230CC5213C6DF5E575985A9918FBD0A6576E335B6EBC12B6258BC93FA205399DE64C37
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html .Q....B.......B...#...B.. $...B..p$...B...$...B...%...B..`P...C...P...C...Q..(C......<C.....OC......bC..@...uC.......C..P....C.......C.......C..p....C.. ....C.......C.......D..p... D.....3D..0...FD.....YD.....lD.......D......D..0....D.......D..p....D......D..@....D.......E......E..@...*E.....=E..P...NE......bE.....rE..@....E.......E.......E..P....E.......E......E..@....F.......F.....'F..0...7F..P...JF......aF......qF...G...F.. H...F..`K...F...K...F...L...F...-...F...c...G....'.'G....'.>G..@.'.UG..0.'.oG....'..G...!'..G...!'..G..P&'..G...)'..G..@*'..H..`.(..H...e).7H..0.).VH...)*.xH....*..H....*..H...P+..H...Y+..H...Z+..I...]+. I..`^+.9I.. .+.UI....+.lI....+..I..P.-..I...=...I.......I.......I.. ....J..p....J......-J..p...EJ......ZJ......rJ..`....J..@....J.......J.......J..0....J.......J.......J..0....K..@....K..../.2K...,/.GK..../.\K..
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):380416
                                                                                                                                                                        Entropy (8bit):6.587105864412105
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:6FVfk760MmXXwvT3WpVgvpqwm9SPECshBZeD6EHh:267rjnpVgvpqwm93rIW
                                                                                                                                                                        MD5:E0A5D1A5D55DFFB55513ACB736CEF1C1
                                                                                                                                                                        SHA1:307FC023790AF5BF3D45678DE985E8E9F34896F7
                                                                                                                                                                        SHA-256:AA5DA4005C76CFE5195B69282B2AD249D7DC2300BBC979592BD67315FC30C669
                                                                                                                                                                        SHA-512:094E23869FD42C60F83E0F4D1A2CD1A29D2EFD805AC02A01CE9700B8E7B0E39E52FE86503264A0298C85F0D02B38620F1E773F2EA981F3049AEBA3104B04253F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):6685696
                                                                                                                                                                        Entropy (8bit):6.815311523896318
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:98304:ZHYQkvdLN+UNQR14/hr5njmwSNDBVO0Bz7arD+0t1t0zA5Lgs2+A1tCw:itvwq/hr5jmwSVBJBz7arQA+sq1tC
                                                                                                                                                                        MD5:44F7C21B6010048E0DCDC43D83EBD357
                                                                                                                                                                        SHA1:D0A4DFD8DBAE1A8421C3043315D78ECD84502B16
                                                                                                                                                                        SHA-256:F6259A9B9C284EE5916447DD9D0BA051C2908C9D3662D42D8BBE6CE6D65A37DE
                                                                                                                                                                        SHA-512:7E03538DD8E798D0E808A8FC6E149E83DE9F8404E839900F6C9535DA6AAC8EF4D5C31044E547DDE34DCECE1255FAB9A9255FA069A99FCB08E49785D812B3887C
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):377708
                                                                                                                                                                        Entropy (8bit):5.4079285675542845
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:ebGJWQdLX/Wi6fR9a5DhZ2FQPnUGSBhjA636Zi2Jyn9Ybt5KXpgmLwSVxJsVxSjf:6GJW2bOi6fRmZ2OPnUThjA636Zi2Jynd
                                                                                                                                                                        MD5:7E51349EDC7E6AED122BFA00970FAB80
                                                                                                                                                                        SHA1:EB6DF68501ECCE2090E1AF5837B5F15AC3A775EB
                                                                                                                                                                        SHA-256:F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
                                                                                                                                                                        SHA-512:69DA19053EB95EEF7AB2A2D3F52CA765777BDF976E5862E8CEBBAA1D1CE84A7743F50695A3E82A296B2F610475ABB256844B6B9EB7A23A60B4A9FC4EAE40346D
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):613642
                                                                                                                                                                        Entropy (8bit):4.894733266944232
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:b3pIuPzq8xSTwO8sgjZz5E9VJAVtnuviQix30jH8+I:b3plq8xLO8zjZz5E9VJAVtSiQO
                                                                                                                                                                        MD5:2009647C3E7AED2C4C6577EE4C546E19
                                                                                                                                                                        SHA1:E2BBACF95EC3695DAAE34835A8095F19A782CBCF
                                                                                                                                                                        SHA-256:6D61E5189438F3728F082AD6F694060D7EE8E571DF71240DFD5B77045A62954E
                                                                                                                                                                        SHA-512:996474D73191F2D550C516ED7526C9E2828E2853FCFBE87CA69D8B1242EB0DEDF04030BBCA3E93236BBD967D39DE7F9477C73753AF263816FAF7D4371F363BA3
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):671738
                                                                                                                                                                        Entropy (8bit):4.903433286644294
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:gjptqBycpX8vYULIrmhkH+P5NNb++YTzgpPMgSENeX:BB2um5S++
                                                                                                                                                                        MD5:47A6D10B4112509852D4794229C0A03B
                                                                                                                                                                        SHA1:2FB49A0B07FBDF8D4CE51A7B5A7F711F47A34951
                                                                                                                                                                        SHA-256:857FE3AB766B60A8D82B7B6043137E3A7D9F5CFB8DDD942316452838C67D0495
                                                                                                                                                                        SHA-512:5F5B280261195B8894EFAE9DF2BECE41C6C6A72199D65BA633C30D50A579F95FA04916A30DB77831F517B22449196D364D6F70D10D6C5B435814184B3BCF1667
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):701716
                                                                                                                                                                        Entropy (8bit):4.66095894344634
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:7Od6KqVw2iILlY+dAs1aQUfjoaVV4FH2mFxvx35uKN3CuKb7szmV2Jfu64K+z5jG:KsKqJi6lY+dAs1aQU7yZx35uK4XQzQI9
                                                                                                                                                                        MD5:A19269683A6347E07C55325B9ECC03A4
                                                                                                                                                                        SHA1:D42989DAF1C11FCFFF0978A4FB18F55EC71630EC
                                                                                                                                                                        SHA-256:AD65351A240205E881EF5C4CF30AD1BC6B6E04414343583597086B62D48D8A24
                                                                                                                                                                        SHA-512:1660E487DF3F3F4EC1CEA81C73DCA0AB86AAF121252FBD54C7AC091A43D60E1AFD08535B082EFD7387C12616672E78AA52DDDFCA01F833ABEF244284482F2C76
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):904943
                                                                                                                                                                        Entropy (8bit):4.273773274227575
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:wqf22AwWk+ADszaaH0PaMadiMNKVbVtQW01jilDouMGsW2uMBVr+9RU4yVS5PMxq:1zW/AMfafVoCp8YbkJBbdJ2DB5y0XlRB
                                                                                                                                                                        MD5:5CDD07FA357C846771058C2DB67EB13B
                                                                                                                                                                        SHA1:DEB87FC5C13DA03BE86F67526C44F144CC65F6F6
                                                                                                                                                                        SHA-256:01C830B0007B8CE6ACA46E26D812947C3DF818927B826F7D8C5FFD0008A32384
                                                                                                                                                                        SHA-512:2AC29A3AA3278BD9A8FE1BA28E87941F719B14FBF8B52E0B7DC9D66603C9C147B9496BF7BE4D9E3AA0231C024694EF102DCC094C80C42BE5D68D3894C488098C
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):426906
                                                                                                                                                                        Entropy (8bit):5.400864409916039
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:+XnGrijIs3cSlFEYLCJBB43nbhjJSwmrwiwWzM1ldLbpuQ16BtryBBwIle3nei3X:iNV4ossMNu51hnW5CptA
                                                                                                                                                                        MD5:D259469E94F2ADF54380195555154518
                                                                                                                                                                        SHA1:D69060BBE8E765CA4DC1F7D7C04C3C53C44B8AB5
                                                                                                                                                                        SHA-256:F98B7442BEFC285398A5DD6A96740CBA31D2F5AADADD4D5551A05712D693029B
                                                                                                                                                                        SHA-512:D0BD0201ACF4F7DAA84E89AA484A3DEC7B6A942C3115486716593213BE548657AD702EF2BC1D3D95A4A56B0F6E7C33D5375F41D6A863E4CE528F2BD6A318240E
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):436202
                                                                                                                                                                        Entropy (8bit):5.843819816549512
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:U4ftEfqE2jv7ShUjBA59wjd558YAGKND9Gto8QV:U41HE2jjShqywjd558YAbNDcI
                                                                                                                                                                        MD5:04A680847C4A66AD9F0A88FB9FB1FC7B
                                                                                                                                                                        SHA1:2AFCDF4234A9644FB128B70182F5A3DF1EE05BE1
                                                                                                                                                                        SHA-256:1CC44C5FBE1C0525DF37C5B6267A677F79C9671F86EDA75B6FC13ABF5D5356EB
                                                                                                                                                                        SHA-512:3A8A409A3C34149A977DEA8A4CB0E0822281AED2B0A75B02479C95109D7D51F6FB2C2772CCF1486CA4296A0AC2212094098F5CE6A1265FA6A7EB941C0CFEF83E
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):396104
                                                                                                                                                                        Entropy (8bit):5.454826678090317
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:Q3rSn4RJ28687mlwlGXaJwZkqEb1Phv6VP5yarXGzOJixhd4/TWwS:eND/xqkqEO5nrFTq
                                                                                                                                                                        MD5:1A53D374B9C37F795A462AAC7A3F118F
                                                                                                                                                                        SHA1:154BE9CF05042ECED098A20FF52FA174798E1FEA
                                                                                                                                                                        SHA-256:D0C38EB889EE27D81183A0535762D8EF314F0FDEB90CCCA9176A0CE9AB09B820
                                                                                                                                                                        SHA-512:395279C9246BD30A0E45D775D9F9C36353BD11D9463282661C2ABD876BDB53BE9C9B617BB0C2186592CD154E9353EA39E3FEED6B21A07B6850AB8ECD57E1ED29
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):424277
                                                                                                                                                                        Entropy (8bit):5.503137231857292
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:TFigju3qg4wajEzUKnYm31SOmhqYl51gHNiOIkCJD:TFiecqg1aqHSOu599kCJD
                                                                                                                                                                        MD5:8E6654B89ED4C1DC02E1E2D06764805A
                                                                                                                                                                        SHA1:FF660BC85BB4A0FA3B2637050D2B2D1AECC37AD8
                                                                                                                                                                        SHA-256:61CBCE9A31858DDF70CC9B0C05FB09CE7032BFB8368A77533521722465C57475
                                                                                                                                                                        SHA-512:5AC71EDA16F07F3F2B939891EDA2969C443440350FD88AB3A9B3180B8B1A3ECB11E79E752CF201F21B3DBFBA00BCC2E4F796F347E6137A165C081E86D970EE61
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):769050
                                                                                                                                                                        Entropy (8bit):4.75072843480339
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:H/58dBquNw2202pgtZSWjZ4LIbsJvaP5A3HKQiEQBR07391qf2utKMaBlS9WffFR:H8BquNw2202pgtsWjyLrJvaRA3HtiEQG
                                                                                                                                                                        MD5:9528D21E8A3F5BAD7CA273999012EBE8
                                                                                                                                                                        SHA1:58CD673CE472F3F2F961CF8B69B0C8B8C01D457C
                                                                                                                                                                        SHA-256:E79C1E7A47250D88581E8E3BAF78DCAF31FE660B74A1E015BE0F4BAFDFD63E12
                                                                                                                                                                        SHA-512:165822C49CE0BDB82F3C3221E6725DAC70F53CFDAD722407A508FA29605BC669FB5E5070F825F02D830E0487B28925644438305372A366A3D60B55DA039633D7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):344606
                                                                                                                                                                        Entropy (8bit):5.5169703217013675
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:80kjE55JcUnMP9egFXwqfaYnT9Xa5alSeBNdg:80kQJZnM1XwWT05YScg
                                                                                                                                                                        MD5:D59E613E8F17BDAFD00E0E31E1520D1F
                                                                                                                                                                        SHA1:529017D57C4EFED1D768AB52E5A2BC929FDFB97C
                                                                                                                                                                        SHA-256:90E585F101CF0BB77091A9A9A28812694CEE708421CE4908302BBD1BC24AC6FD
                                                                                                                                                                        SHA-512:29FF3D42E5D0229F3F17BC0ED6576C147D5C61CE2BD9A2E658A222B75D993230DE3CE35CA6B06F5AFA9EA44CFC67817A30A87F4FAF8DC3A5C883B6EE30F87210
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):347111
                                                                                                                                                                        Entropy (8bit):5.508989875739037
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:xiLqIY2MuZYLMMP9ecGmM8faYdY4K55TiSbn8vMwS:xiLqIp34MM+mM0Y55eSKMwS
                                                                                                                                                                        MD5:5E3813E616A101E4A169B05F40879A62
                                                                                                                                                                        SHA1:615E4D94F69625DDA81DFAEC7F14E9EE320A2884
                                                                                                                                                                        SHA-256:4D207C5C202C19C4DACA3FDDB2AE4F747F943A8FAF86A947EEF580E2F2AEE687
                                                                                                                                                                        SHA-512:764A271A9CFB674CCE41EE7AED0AD75F640CE869EFD3C865D1B2D046C9638F4E8D9863A386EBA098F5DCEDD20EA98BAD8BCA158B68EB4BDD606D683F31227594
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):421147
                                                                                                                                                                        Entropy (8bit):5.3798866108688905
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:34e5fql0vt1s9zjzVMY/6+yN9d8piKkGp2Ioiw/QbuOXV5blUB0GLF96RRIHKxgY:34e5Sktm92Yfhpjq+5wLF96oSdc4
                                                                                                                                                                        MD5:7F6696CC1E71F84D9EC24E9DC7BD6345
                                                                                                                                                                        SHA1:36C1C44404EE48FC742B79173F2C7699E1E0301F
                                                                                                                                                                        SHA-256:D1F17508F3A0106848C48A240D49A943130B14BD0FEB5ED7AE89605C7B7017D1
                                                                                                                                                                        SHA-512:B226F94F00978F87B7915004A13CDBD23DE2401A8AFAA2517498538967DF89B735F8ECC46870C92E3022CAC795218A60AD2B8FFF1EFAD9FEEA4EC193704A568A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):421332
                                                                                                                                                                        Entropy (8bit):5.349883254359391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:fILAyMcQXU0+/3IgsC5pN+v6Idj3J5Orj7FQoz7L66PZqS:ALAyNQCsupUv6gj3J5OrmoznGS
                                                                                                                                                                        MD5:A36992D320A88002697DA97CD6A4F251
                                                                                                                                                                        SHA1:C1F88F391A40CCF2B8A7B5689320C63D6D42935F
                                                                                                                                                                        SHA-256:C5566B661675B613D69A507CBF98768BC6305B80E6893DC59651A4BE4263F39D
                                                                                                                                                                        SHA-512:9719709229A4E8F63247B3EFE004ECFEB5127F5A885234A5F78EE2B368F9E6C44EB68A071E26086E02AA0E61798B7E7B9311D35725D3409FFC0E740F3AA3B9B5
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):380687
                                                                                                                                                                        Entropy (8bit):5.464870724176939
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:2Mg++J/xRN0JLnrC4HFJbT/RauiQ/G5LjR43f7LQkPQW:2MmJnq7DG5LjQ
                                                                                                                                                                        MD5:A94E1775F91EA8622F82AE5AB5BA6765
                                                                                                                                                                        SHA1:FF17ACCDD83AC7FCC630E9141E9114DA7DE16FDB
                                                                                                                                                                        SHA-256:1606B94AEF97047863481928624214B7E0EC2F1E34EC48A117965B928E009163
                                                                                                                                                                        SHA-512:A2575D2BD50494310E8EF9C77D6C1749420DFBE17A91D724984DF025C47601976AF7D971ECAE988C99723D53F240E1A6B3B7650A17F3B845E3DAEEFAAF9FE9B9
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):622184
                                                                                                                                                                        Entropy (8bit):5.029655615738747
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:Kxw5iX9nuyaXTfwHxwNUWGOGfStQEvy1zeItDmNtua/1wMTAKzIxRAQiHedNu36/:Kxw5YuyaXTfwRwNUWGOGfStQEvy1zeIR
                                                                                                                                                                        MD5:9D273AF70EAFD1B5D41F157DBFB94FDC
                                                                                                                                                                        SHA1:DA98BDE34B59976D4514FF518BD977A713EA4F2E
                                                                                                                                                                        SHA-256:319D1E20150D4E3F496309BA82FCE850E91378EE4B0C7119A003A510B14F878B
                                                                                                                                                                        SHA-512:0A892071BEA92CC7F1A914654BC4F9DA6B9C08E3CB29BB41E9094F6120DDC7A08A257C0D2B475C98E7CDCF604830E582CF2A538CC184056207F196FFC43F29AD
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):389118
                                                                                                                                                                        Entropy (8bit):5.427253181023048
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:nEbM+RtZ9eC6cMkohGZxGseSFOE/xaWEkLl5W5ucHiEi18OWUcrOShPGNgX1wL2:V+/upPgZxaS5W5xHiEi18OWUsU2
                                                                                                                                                                        MD5:D4B776267EFEBDCB279162C213F3DB22
                                                                                                                                                                        SHA1:7236108AF9E293C8341C17539AA3F0751000860A
                                                                                                                                                                        SHA-256:297E3647EAF9B3B95CF833D88239919E371E74CC345A2E48A5033EBE477CD54E
                                                                                                                                                                        SHA-512:1DC7D966D12E0104AACB300FD4E94A88587A347DB35AD2327A046EF833FB354FD9CBE31720B6476DB6C01CFCB90B4B98CE3CD995E816210B1438A13006624E8F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):438088
                                                                                                                                                                        Entropy (8bit):5.195613019166525
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:2zHaVyEDQV5aZrU+5xeuhGjZ3ZmA58Pm+7JATvy8:2zNMdU4XA5Imb
                                                                                                                                                                        MD5:3165351C55E3408EAA7B661FA9DC8924
                                                                                                                                                                        SHA1:181BEE2A96D2F43D740B865F7E39A1BA06E2CA2B
                                                                                                                                                                        SHA-256:2630A9D5912C8EF023154C6A6FB5C56FAF610E1E960AF66ABEF533AF19B90CAA
                                                                                                                                                                        SHA-512:3B1944EA3CFCBE98D4CE390EA3A8FF1F6730EB8054E282869308EFE91A9DDCD118290568C1FC83BD80E8951C4E70A451E984C27B400F2BDE8053EA25B9620655
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):454982
                                                                                                                                                                        Entropy (8bit):5.385096169417585
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:07bju28t6QuagV1ZztzYpZ4MYnYM/LDBW5Mx0q20wCbKZL3wfzkCh1f/5FEs6rYr:6JVzbf55Z
                                                                                                                                                                        MD5:0BF28AFF31E8887E27C4CD96D3069816
                                                                                                                                                                        SHA1:B5313CF6B5FBCE7E97E32727A3FAE58B0F2F5E97
                                                                                                                                                                        SHA-256:2E1D413442DEF9CAE2D93612E3FD04F3AFAF3DD61E4ED7F86400D320AF5500C2
                                                                                                                                                                        SHA-512:95172B3B1153B31FCEB4B53681635A881457723CD1000562463D2F24712267B209B3588C085B89C985476C82D9C27319CB6378619889379DA4FAE1595CB11992
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):879149
                                                                                                                                                                        Entropy (8bit):4.32399215971305
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:Xz2UMY57hmdUoITsKMaWZKerbtsMhmksd4M+0+z20QmuOAl5VpvoxWnhygfZw/gQ:D2UMY57h9w4MSbsp5cLhdKE8
                                                                                                                                                                        MD5:7B5F52F72D3A93F76337D5CF3168EBD1
                                                                                                                                                                        SHA1:00D444B5A7F73F566E98ABADF867E6BB27433091
                                                                                                                                                                        SHA-256:798EA5D88A57D1D78FA518BF35C5098CBEB1453D2CB02EF98CD26CF85D927707
                                                                                                                                                                        SHA-512:10C6F4FAAB8CCB930228C1D9302472D0752BE19AF068EC5917249675B40F22AB24C3E29EC3264062826113B966C401046CFF70D91E7E05D8AADCC0B4E07FEC9B
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):544193
                                                                                                                                                                        Entropy (8bit):4.6265566170608325
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:DczykRrlOUmTU2/S9iyBZ60DAf1X2VeQCap4M52QoLpMzu5flmd9DnwWHQgZ:+F55VoQ
                                                                                                                                                                        MD5:6D787DC113ADFB6A539674AF7D6195DB
                                                                                                                                                                        SHA1:F966461049D54C61CDD1E48EF1EA0D3330177768
                                                                                                                                                                        SHA-256:A976FAD1CC4EB29709018C5FFCC310793A7CEB2E69C806454717CCAE9CBC4D21
                                                                                                                                                                        SHA-512:6748DAD2813FC544B50DDEA0481B5ACE3EB5055FB2D985CA357403D3B799618D051051B560C4151492928D6D40FCE9BB33B167217C020BDCC3ED4CAE58F6B676
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):921748
                                                                                                                                                                        Entropy (8bit):4.3093889077968495
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:zGFGsUtYgPLdROwJgdkFSvf4QAEm5dmGhsYK/GR3TX4/NMdpqdYnLsuFQdXPtg8y:zGEAgT/Zu5J57JtK
                                                                                                                                                                        MD5:1766A05BE4DC634B3321B5B8A142C671
                                                                                                                                                                        SHA1:B959BCADC3724AE28B5FE141F3B497F51D1E28CF
                                                                                                                                                                        SHA-256:0EEE8E751B5B0AF1E226106BEB09477634F9F80774FF30894C0F5A12B925AC35
                                                                                                                                                                        SHA-512:FAEC1D6166133674A56B5E38A68F9E235155CC910B5CCEB3985981B123CC29EDA4CD60B9313AB787EC0A8F73BF715299D9BF068E4D52B766A7AB8808BD146A39
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):423481
                                                                                                                                                                        Entropy (8bit):5.516218200944141
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:yL0fCmEZW/FhjNmvgVRTKBOS+/6ocIG0uPXuyAF6WI6DkYAiKbeM/ogQbn7xjemW:QYCmNLjN3pV5v5tE77ORS
                                                                                                                                                                        MD5:8F9498D18D90477AD24EA01A97370B08
                                                                                                                                                                        SHA1:3868791B549FC7369AB90CD27684F129EBD628BE
                                                                                                                                                                        SHA-256:846943F77A425F3885689DCF12D62951C5B7646E68EADC533B8B5C2A1373F02E
                                                                                                                                                                        SHA-512:3C66A84592DEBE522F26C48B55C04198AD8A16C0DCFA05816825656C76C1C6CCCF5767B009F20ECB77D5A589EE44B0A0011EC197FEC720168A6C72C71EBF77FD
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):456789
                                                                                                                                                                        Entropy (8bit):5.643595706627357
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:SGAK2lkJ2gSSSfLOAYkky1MV5QgsZfGRAxY62R9PSam7EEOEeLvx5gR4RStG2r2/:pAKWkJ2gSsAkV5QgsiR4747vx5VL/
                                                                                                                                                                        MD5:F5E1CA8A14C75C6F62D4BFF34E27DDB5
                                                                                                                                                                        SHA1:7ABA6BFF18BDC4C477DA603184D74F054805C78F
                                                                                                                                                                        SHA-256:C0043D9FA0B841DA00EC1672D60015804D882D4765A62B6483F2294C3C5B83E0
                                                                                                                                                                        SHA-512:1050F96F4F79F681B3EAF4012EC0E287C5067B75BA7A2CBE89D9B380C07698099B156A0EB2CBC5B8AA336D2DAA98E457B089935B534C4D6636987E7E7E32B169
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):373937
                                                                                                                                                                        Entropy (8bit):5.37852966615304
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:Fl9jv1p49ahfjDVnjHFsRmP28Wvr5PdhpvtEDSVsEaOq:FlLpblVnjHFCm+8Sr5Pdhzq
                                                                                                                                                                        MD5:7B39423028DA71B4E776429BB4F27122
                                                                                                                                                                        SHA1:CB052AB5F734D7A74A160594B25F8A71669C38F2
                                                                                                                                                                        SHA-256:3D95C5819F57A0AD06A118A07E0B5D821032EDCF622DF9B10A09DA9AA974885F
                                                                                                                                                                        SHA-512:E40679B01AB14B6C8DFDCE588F3B47BCAFF55DBB1539B343F611B3FCBD1D0E7D8C347A2B928215A629F97E5F68D19C51AF775EC27C6F906CAC131BEAE646CE1A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):414412
                                                                                                                                                                        Entropy (8bit):5.287149423624235
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:8cPuDjrpxctogSrqRrhsO11RT9TeexAGTL6+q2WKLV9fLwY+25OM388HrmwGWNBI:8cmDZREZJy8KL1LjAS5ZzoC
                                                                                                                                                                        MD5:D58A43068BF847C7CD6284742C2F7823
                                                                                                                                                                        SHA1:497389765143FAC48AF2BD7F9A309BFE65F59ED9
                                                                                                                                                                        SHA-256:265D8B1BC479AD64FA7A41424C446139205AF8029A2469D558813EDD10727F9C
                                                                                                                                                                        SHA-512:547A1581DDA28C5C1A0231C736070D8A7B53A085A0CE643A4A1510C63A2D4670FF2632E9823CD25AE2C7CDC87FA65883E0A193853890D4415B38056CB730AB54
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):505292
                                                                                                                                                                        Entropy (8bit):5.701779406023226
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:rO2YZ2QUgbjicTver049pUVOT6z4Z72hA/Na4oQPkwaIAOenOIUNH7bbeCcX5RWX:rOpZ2eH/IzSVKo4Z728owPS58HRxVX
                                                                                                                                                                        MD5:D10D536BCD183030BA07FF5C61BF5E3A
                                                                                                                                                                        SHA1:44DD78DBA9F098AC61222EB9647D111AD1608960
                                                                                                                                                                        SHA-256:2A3D3ABC9F80BAD52BD6DA5769901E7B9E9F052B6A58A7CC95CE16C86A3AA85A
                                                                                                                                                                        SHA-512:C67AEDE9DED1100093253E350D6137AB8B2A852BD84B6C82BA1853F792E053CECD0EA0519319498AED5759BEDC66D75516A4F2F7A07696A0CEF24D5F34EF9DD2
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):1012272
                                                                                                                                                                        Entropy (8bit):4.2289205973296395
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:VxaK34cS7yFcH4dr/4g7M5iVUZ+xw+UFV:jf7/K5uUb
                                                                                                                                                                        MD5:C548A5F1FB5753408E44F3F011588594
                                                                                                                                                                        SHA1:E064AB403972036DAD1B35ABE9794E95DBE4CC00
                                                                                                                                                                        SHA-256:890F50A57B862F482D367713201E1E559AC778FC3A36322D1DFBBEF2535DD9CB
                                                                                                                                                                        SHA-512:6975E4BB1A90E0906CF6266F79DA6CC4AE32F72A6141943BCFCF9B33F791E9751A9AAFDE9CA537F33F6BA8E4D697125FBC2EC4FFD3BC35851F406567DAE7E631
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):425545
                                                                                                                                                                        Entropy (8bit):6.081959799252044
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:4Y3l9B6CI1zt8OhrJRFJCqM5T718I8Mtmq7hUoBAA:aZJo5D8GAA
                                                                                                                                                                        MD5:B4FBFF56E4974A7283D564C6FC0365BE
                                                                                                                                                                        SHA1:DE68BD097DEF66D63D5FF04046F3357B7B0E23AC
                                                                                                                                                                        SHA-256:8C9ACDE13EDCD40D5B6EB38AD179CC27AA3677252A9CD47990EBA38AD42833E5
                                                                                                                                                                        SHA-512:0698AA058561BB5A8FE565BB0BEC21548E246DBB9D38F6010E9B0AD9DE0F59BCE9E98841033AD3122A163DD321EE4B11ED191277CDCB8E0B455D725593A88AA5
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):457220
                                                                                                                                                                        Entropy (8bit):5.634955727013476
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:Ca5OlSk7unX4nkokvgneIVUoCb1DD7U5R3zv9dFaL8tx9e2lJ2I96S2:Ca5Olrpgme2UoC9c59zv9fx9eoP6S2
                                                                                                                                                                        MD5:980C27FD74CC3560B296FE8E7C77D51F
                                                                                                                                                                        SHA1:F581EFA1B15261F654588E53E709A2692D8BB8A3
                                                                                                                                                                        SHA-256:41E0F3619CDA3B00ABBBF07B9CD64EC7E4785ED4C8A784C928E582C3B6B8B7DB
                                                                                                                                                                        SHA-512:51196F6F633667E849EF20532D57EC81C5F63BAB46555CEA8FAB2963A078ACDFA84843EDED85C3B30F49EF3CEB8BE9E4EF8237E214EF9ECFF6373A84D395B407
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):455871
                                                                                                                                                                        Entropy (8bit):5.635474464056208
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:GOQDGtu4e+D8NHtVFHTPq7K4vHo4q3sb3755ZanXDEG9Aarl4zxmEA5QXls14:GOQUZ2Gu4vTqw75KEGGmEs14
                                                                                                                                                                        MD5:E4F7D9E385CB525E762ECE1AA243E818
                                                                                                                                                                        SHA1:689D784379BAC189742B74CD8700C687FEEEDED1
                                                                                                                                                                        SHA-256:523D141E59095DA71A41C14AEC8FE9EE667AE4B868E0477A46DD18A80B2007EF
                                                                                                                                                                        SHA-512:E4796134048CD12056D746F6B8F76D9EA743C61FEE5993167F607959F11FD3B496429C3E61ED5464551FD1931DE4878AB06F23A3788EE34BB56F53DB25BCB6DF
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):1056673
                                                                                                                                                                        Entropy (8bit):4.264965642462621
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:AYtrLnsoR47/R7nUwmoMmWDcZubSA/d+8di3ethK5d/7dxOt3ab:lt0oNwMi3eG5d/7Ot3c
                                                                                                                                                                        MD5:8B38C65FC30210C7AF9B6FA0424266F4
                                                                                                                                                                        SHA1:116413710FFCF94FBFA38CB97A47731E43A306F5
                                                                                                                                                                        SHA-256:E8DF9A74417C5839C531D7CCAB63884A80AFB731CC62CBBB3FD141779086AC7D
                                                                                                                                                                        SHA-512:0FD349C644AC1A2E7ED0247E40900D3A9957F5BEF1351B872710D02687C934A8E63D3A7585E91F7DF78054AEFF8F7ABD8C93A94FCD20C799779A64278BAB2097
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):863911
                                                                                                                                                                        Entropy (8bit):4.295071040310227
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:OVDue+/Ti/eFcDX6WRAWXXspvidz0F5MU9G3GRe3RQR3K5/knxi4nou4bmHwIZus:eueAi2FZW2bo26lp70Kte5zGpGiBs
                                                                                                                                                                        MD5:C0EF1866167D926FB351E9F9BF13F067
                                                                                                                                                                        SHA1:6092D04EF3CE62BE44C29DA5D0D3A04985E2BC04
                                                                                                                                                                        SHA-256:88DF231CF2E506DB3453F90A797194662A5F85E23BBAC2ED3169D91A145D2091
                                                                                                                                                                        SHA-512:9E2B90F3AC1AE5744C22C2442FBCD86A8496AFC2C58F6CA060D6DBB08AF6F7411EF910A7C8CA5AEDEE99B5443D4DFF709C7935E8322CB32F8B071EE59CAEE733
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):390303
                                                                                                                                                                        Entropy (8bit):5.258177538585681
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:zCsFFfyrvxoQuXkulRopY/5BI8T5sHAVHMM/k3y:tQxoNlR6K5v5vVsMZ
                                                                                                                                                                        MD5:9B3E2F3C49897228D51A324AB625EB45
                                                                                                                                                                        SHA1:8F3DAEC46E9A99C3B33E3D0E56C03402CCC52B9D
                                                                                                                                                                        SHA-256:61A3DAAE72558662851B49175C402E9FE6FD1B279E7B9028E49506D9444855C5
                                                                                                                                                                        SHA-512:409681829A861CD4E53069D54C80315E0C8B97E5DB4CD74985D06238BE434A0F0C387392E3F80916164898AF247D17E8747C6538F08C0EF1C5E92A7D1B14F539
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):383011
                                                                                                                                                                        Entropy (8bit):5.424530593988954
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:rmRAsByIhGvbSqOp7f21zg2mKP7s4Uzwn5el4nYHOp1D:rmRGxvbSqOp7f21vs4kM5el4Jp1D
                                                                                                                                                                        MD5:AF0FD9179417BA1D7FCCA3CC5BEE1532
                                                                                                                                                                        SHA1:F746077BBF6A73C6DE272D5855D4F1CA5C3AF086
                                                                                                                                                                        SHA-256:E900F6D0DD9D5A05B5297618F1FE1600C189313DA931A9CB390EE42383EB070F
                                                                                                                                                                        SHA-512:C94791D6B84200B302073B09357ABD2A1D7576B068BAE01DCCDA7BC154A6487145C83C9133848CCF4CB9E6DC6C5A9D4BE9D818E5A0C8F440A4E04AE8EABD4A29
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):395064
                                                                                                                                                                        Entropy (8bit):5.365550895872654
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:9V01rV7gSsX5SEHDpaQe3D+qnRVd5qYx1Gp7KhaPW:96NFgSsX5S1V7d5qYx1Gp7KcPW
                                                                                                                                                                        MD5:181D2A0ECE4B67281D9D2323E9B9824D
                                                                                                                                                                        SHA1:E8BDC53757E96C12F3CD256C7812532DD524A0EA
                                                                                                                                                                        SHA-256:6629E68C457806621ED23AA53B3675336C3E643F911F8485118A412EF9ED14CE
                                                                                                                                                                        SHA-512:10D8CC9411CA475C9B659A2CC88D365E811217D957C82D9C144D94843BC7C7A254EE2451A6F485E92385A660FA01577CFFA0D64B6E9E658A87BEF8FCCBBEAF7E
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):439920
                                                                                                                                                                        Entropy (8bit):5.766175831058526
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:f2jujSo9/D+Xgv3iWGb1vPiCUdhUo3Ymhz1QhjAB5cUE447e:Sc3N1Qhw5me
                                                                                                                                                                        MD5:18D49D5376237BB8A25413B55751A833
                                                                                                                                                                        SHA1:0B47A7381DE61742AC2184850822C5FA2AFA559E
                                                                                                                                                                        SHA-256:1729AA5C8A7E24A0DB98FEBCC91DF8B7B5C16F9B6BB13A2B0795038F2A14B981
                                                                                                                                                                        SHA-512:45344A533CC35C8CE05CF29B11DA6C0F97D8854DAE46CF45EF7D090558EF95C3BD5FDC284D9A7809F0B2BF30985002BE2AA6A4749C0D9AE9BDFF4AD13DE4E570
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):415447
                                                                                                                                                                        Entropy (8bit):5.426006792591415
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:Bm1HqF4Znh9GzBtNBXBLd1OUDcpryHF55NJND0bsRzlb2:UHrnhMzX5PJB4sRxC
                                                                                                                                                                        MD5:0D9DEA9E24645C2A3F58E4511C564A36
                                                                                                                                                                        SHA1:DCD2620A1935C667737EEA46CA7BB2BDCB31F3A6
                                                                                                                                                                        SHA-256:CA7B880391FCD319E976FCC9B5780EA71DE655492C4A52448C51AB2170EEEF3B
                                                                                                                                                                        SHA-512:8FCF871F8BE7727E2368DF74C05CA927C5F0BC3484C4934F83C0ABC98ECAF774AD7ABA56E1BF17C92B1076C0B8EB9C076CC949CD5427EFCADE9DDF14F6B56BC5
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):416977
                                                                                                                                                                        Entropy (8bit):5.401132911995885
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:isWkrPyGJeOMqieJVJJxhlOlxLu3ov5xKqSR0B:X3PBxj8zv5xKqSRW
                                                                                                                                                                        MD5:6A7232F316358D8376A1667426782796
                                                                                                                                                                        SHA1:8B70FE0F3AB2D73428F19ECD376C5DEBA4A0BB6C
                                                                                                                                                                        SHA-256:6A526CD5268B80DF24104A7F40F55E4F1068185FEBBBB5876BA2CB7F78410F84
                                                                                                                                                                        SHA-512:40D24B3D01E20AE150083B00BB6E10BCA81737C48219BCE22FA88FAAAD85BDC8C56AC9B1EB01854173B0ED792E34BDFBAC26D3605B6A35C14CF2824C000D0DA1
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):430191
                                                                                                                                                                        Entropy (8bit):5.460617985170646
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:pqgw32K4aoFt3GgnSYn0vLi5OU6ois2a/7ulqr:pqgVzFt3GgnSY0vLi5OXo3/5r
                                                                                                                                                                        MD5:99EAA3D101354088379771FD85159DE1
                                                                                                                                                                        SHA1:A32DB810115D6DCF83A887E71D5B061B5EEFE41F
                                                                                                                                                                        SHA-256:33F4C20F7910BC3E636BC3BEC78F4807685153242DD4BC77648049772CF47423
                                                                                                                                                                        SHA-512:C6F87DA1B5C156AA206DC21A9DA3132CBFB0E12E10DA7DC3B60363089DE9E0124BBAD00A233E61325348223FC5953D4F23E46FE47EC8E7CA07702AC73F3FD2E9
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):703696
                                                                                                                                                                        Entropy (8bit):4.836890612319527
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:ckXRY5eXN2hHO3j/jHXzvMBsiA2kkce8P/XyFGGJGswfaZ/LeUFCcYWIkHWajf+F:ck5LZ5w6pF
                                                                                                                                                                        MD5:AB9902025DCF7D5408BF6377B046272B
                                                                                                                                                                        SHA1:C9496E5AF3E2A43377290A4883C0555E27B1F10F
                                                                                                                                                                        SHA-256:983B15DCC31D0E9A3DA78CD6021E5ADD2A3C2247322ADED9454A5D148D127AAE
                                                                                                                                                                        SHA-512:D255D5F5B6B09AF2CDEC7B9C171EEBB1DE1094CC5B4DDF43A3D4310F8F5F223AC48B8DA97A07764D1B44F1D4A14FE3A0C92A0CE6FE9A4AE9A6B4A342E038F842
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):443094
                                                                                                                                                                        Entropy (8bit):5.818852266406701
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:vQt/WMWyqiLJcPXPk5ELALWaQlKDEmLFGR:vQYfyqiWPXM5ELALWaQlwdLE
                                                                                                                                                                        MD5:C6C7396DBFB989F034D50BD053503366
                                                                                                                                                                        SHA1:089F176B88235CCE5BCA7ABFCC78254E93296D61
                                                                                                                                                                        SHA-256:439F7D6C23217C965179898754EDCEF8FD1248BDD9B436703BF1FF710701117A
                                                                                                                                                                        SHA-512:1476963F47B45D2D26536706B7EEBA34CFAE124A3087F7727C4EFE0F19610F94393012CDA462060B1A654827E41F463D7226AFA977654DCD85B27B7F8D1528EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):427791
                                                                                                                                                                        Entropy (8bit):5.48540289392965
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:iyCeC3SMQRB21BPDwY5oEcAVOlJgi/fzxzqg:iTJ6kDwY5oEc0i/fzxt
                                                                                                                                                                        MD5:D4BD9F20FD29519D6B017067E659442C
                                                                                                                                                                        SHA1:782283B65102DE4A0A61B901DEA4E52AB6998F22
                                                                                                                                                                        SHA-256:F33AFA6B8DF235B09B84377FC3C90403C159C87EDD8CD8004B7F6EDD65C85CE6
                                                                                                                                                                        SHA-512:ADF8D8EC17E8B05771F47B19E8027F88237AD61BCA42995F424C1F5BD6EFA92B23C69D363264714C1550B9CD0D03F66A7CFB792C3FBF9D5C173175B0A8C039DC
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):660194
                                                                                                                                                                        Entropy (8bit):4.761695251077794
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:oLNvoUKEuNI0I4Ki1eg82ATs+Hc549x4moW037LJzk/k/N:xrnqJc5Axjw
                                                                                                                                                                        MD5:CBB817A58999D754F99582B72E1AE491
                                                                                                                                                                        SHA1:6EC3FD06DEE0B1FE5002CB0A4FE8EC533A51F9FD
                                                                                                                                                                        SHA-256:4BD7E466CB5F5B0A451E1192AA1ABAAF9526855A86D655F94C9CE2183EC80C25
                                                                                                                                                                        SHA-512:EFEF29CEDB7B08D37F9DF1705D36613F423E994A041B137D5C94D2555319FFB068BB311884C9D4269B0066746DACD508A7D01DF40A8561590461D5F02CB52F8B
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):385361
                                                                                                                                                                        Entropy (8bit):5.543491670458518
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:M4pITVzssdlJ9EAjiws8cB7xjpZ/4LLXru9M9SOxDE/xUDvZv5pB5mEgb7:BpIXzJ9V2B1q5/5mz
                                                                                                                                                                        MD5:502E4A8B3301253ABE27C4FD790FBE90
                                                                                                                                                                        SHA1:17ABCD7A84DA5F01D12697E0DFFC753FFB49991A
                                                                                                                                                                        SHA-256:7D72E3ADB35E13EC90F2F4271AD2A9B817A2734DA423D972517F3CFF299165FD
                                                                                                                                                                        SHA-512:BD270ABAF9344C96B0F63FC8CEC04F0D0AC9FC343AB5A80F5B47E4B13B8B1C0C4B68F19550573A1D965BB18A27EDF29F5DD592944D754B80EA9684DBCEDEA822
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):404460
                                                                                                                                                                        Entropy (8bit):5.342349721117576
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:icM47G565vqimUwbQuBndO8gJGgnATm5A1vZcsToe4t2ht:iy7GsP5Ar
                                                                                                                                                                        MD5:39277AE2D91FDC1BD38BEA892B388485
                                                                                                                                                                        SHA1:FF787FB0156C40478D778B2A6856AD7B469BD7CB
                                                                                                                                                                        SHA-256:6D6D095A1B39C38C273BE35CD09EB1914BD3A53F05180A3B3EB41A81AE31D5D3
                                                                                                                                                                        SHA-512:BE2D8FBEDAA957F0C0823E7BEB80DE570EDD0B8E7599CF8F2991DC671BDCBBBE618C15B36705D83BE7B6E9A0D32EC00F519FC8543B548422CA8DCF07C0548AB4
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):1043803
                                                                                                                                                                        Entropy (8bit):4.044068430611977
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:LXNxfy+orMVjLn1ExBlhfg5yzntRMcA2i:rffyrrMFL1cB3g5yzMcA2i
                                                                                                                                                                        MD5:7006691481966109CCE413F48A349FF2
                                                                                                                                                                        SHA1:6BD243D753CF66074359ABE28CFAE75BCEDD2D23
                                                                                                                                                                        SHA-256:24EA4028DA66A293A43D27102012235198F42A1E271FE568C7FD78490A3EE647
                                                                                                                                                                        SHA-512:E12C0D1792A28BF4885E77185C2A0C5386438F142275B8F77317EB8A5CEE994B3241BB264D9502D60BFBCE9CF8B3B9F605C798D67819259F501719D054083BEA
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):965006
                                                                                                                                                                        Entropy (8bit):4.295544641165274
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:wM9fKUyABW3p1F9SviTlw2cfgvNFOJgr/p54JVQJMwKpaJC28+58XoX0Doq9OyUk:wM9fKU6225jM9h
                                                                                                                                                                        MD5:F809BF5184935C74C8E7086D34EA306C
                                                                                                                                                                        SHA1:709AB3DECFF033CF2FA433ECC5892A7AC2E3752E
                                                                                                                                                                        SHA-256:9BBFA7A9F2116281BF0AF1E8FFB279D1AA97AC3ED9EBC80C3ADE19E922D7E2D4
                                                                                                                                                                        SHA-512:DE4B14DD6018FDBDF5033ABDA4DA2CB9F5FCF26493788E35D88C07A538B84FDD663EE20255DFD9C1AAC201F0CCE846050D2925C55BF42D4029CB78B057930ACD
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):811437
                                                                                                                                                                        Entropy (8bit):4.342029978594925
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:1Jf31Mkgs3s5UWgHLRflsjj8cKGXdlogG0EeuLADh7Kle9dKj753ohP09XAyFHyJ:1Qzt5/5l
                                                                                                                                                                        MD5:2C41616DFE7FCDB4913CFAFE5D097F95
                                                                                                                                                                        SHA1:CF7D9E8AD3AA47D683E47F116528C0E4A9A159B0
                                                                                                                                                                        SHA-256:F11041C48831C93AA11BBF885D330739A33A42DB211DACCF80192668E2186ED3
                                                                                                                                                                        SHA-512:97329717E11BC63456C56022A7B7F5DA730DA133E3FC7B2CC660D63A955B1A639C556B857C039A004F92E5F35BE61BF33C035155BE0A361E3CD6D87B549DF811
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):411446
                                                                                                                                                                        Entropy (8bit):5.6133974766805546
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:y1MAG26Pl1kY1bkQq/7I5NsA7WGgeh5X/0+gi1ZavXEAQwiBvVGI:9j2Yle66s5775X/R
                                                                                                                                                                        MD5:3A858619502C68D5F7DE599060F96DB9
                                                                                                                                                                        SHA1:80A66D9B5F1E04CDA19493FFC4A2F070200E0B62
                                                                                                                                                                        SHA-256:D81F28F69DA0036F9D77242B2A58B4A76F0D5C54B3E26EE96872AC54D7ABB841
                                                                                                                                                                        SHA-512:39A7EC0DFE62BCB3F69CE40100E952517B5123F70C70B77B4C9BE3D98296772F10D3083276BC43E1DB66ED4D9BFA385A458E829CA2A7D570825D7A69E8FBB5F4
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):705061
                                                                                                                                                                        Entropy (8bit):4.868598768447113
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:wrccq9nty/KiDswU1nbx05kB3IjUUmEg5KuoLNiXElqnOyh:HGX35EEK
                                                                                                                                                                        MD5:EE70E9F3557B9C8C67BFB8DFCB51384D
                                                                                                                                                                        SHA1:FC4DFC35CDE1A00F97EEFE5E0A2B9B9C0149751E
                                                                                                                                                                        SHA-256:54324671A161F6D67C790BFD29349DB2E2D21F5012DC97E891F8F5268BDF7E22
                                                                                                                                                                        SHA-512:F4E1DA71CB0485851E8EBCD5D5CF971961737AD238353453DB938B4A82A68A6BBAF3DE7553F0FF1F915A0E6640A3E54F5368D9154B0A4AD38E439F5808C05B9F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):617109
                                                                                                                                                                        Entropy (8bit):5.143761316646653
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:LbeI8PzGSEiyqkAXsA5rzTExbWW7mQYrjuUco/9NjjFpvIx:LbDwz5qWK
                                                                                                                                                                        MD5:FF0A23974AEF88AFC86ECC806DBF1D60
                                                                                                                                                                        SHA1:E7BAE97CBB8692A0D106644DFAA9B7D7EA6FCEF0
                                                                                                                                                                        SHA-256:F245AB242AAFEEF37DB736C780476534FAD0706AA66DCB8B6B8CD181B4778385
                                                                                                                                                                        SHA-512:AABE8160FAC7E0EB8E8EB80963FE995FA4A802147D1B8F605BC0FE3F8E2474463C1D313471C11C85EB5578112232FDC8E89B8A6D43DBE38A328538FF30A78D08
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):488196
                                                                                                                                                                        Entropy (8bit):5.7988900625034185
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12288:gzLBn6cDgszBm0JXbwS1LcxzIJj758+UIi0+UELbzi830l:gpdDgsz00JrwSNizS5Hti0+UUvi830l
                                                                                                                                                                        MD5:3FE6F90F1F990AED508DEDA3810CE8C2
                                                                                                                                                                        SHA1:3B86F00666D55E984B4ACA1A5E8319FFA8F411FF
                                                                                                                                                                        SHA-256:5EEBB23221AEBCF0BE01BFC2695F7DD35B17F6769BE1E28E5610D35C9717854B
                                                                                                                                                                        SHA-512:9AA9D55F112C8B32AA636086CFD2161D97EA313CAC1A44101014128124A03504C992AC8EFD265ABA4E91787AEF7134A14507A600F5EC96FF82DF950A8883828C
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):354097
                                                                                                                                                                        Entropy (8bit):6.680890808929274
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:gchsAAfyrtJw99jEaZx79+vKK4/+kTme5zBNCJ7GAmlv:gAAfyrtJAoaZ+vKK4/ye5zBNCJ7C
                                                                                                                                                                        MD5:20F315D38E3B2EDC5832931E7770B62A
                                                                                                                                                                        SHA1:2390BD585DEC1E884873454BB98B6F1467DCF7BB
                                                                                                                                                                        SHA-256:53A803724BBF2E7F40AAB860325C348F786EECA1EA5CA39A76B4C4A616E3233F
                                                                                                                                                                        SHA-512:C338E241DE3561707C7C275B7D6E0FB16185A8CD7112057C08B74FFCE122148EF693FE310C839FF93F102726A78E61DE3E68C8E324F445A07A98EE9C4FDD4E13
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):350032
                                                                                                                                                                        Entropy (8bit):6.69437398216595
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:BiwxICJkrCU2JLuRyMD+4qz5MHzCtMkZ/9ybT1:BiyS0pMD+4qz5MHzd6/o
                                                                                                                                                                        MD5:524711882CBFB5B95A63EF48F884CFF0
                                                                                                                                                                        SHA1:1078037687CFC5D038EEB8B63D295239E0EDC47A
                                                                                                                                                                        SHA-256:9E16499CD96A155D410C8DF4C812C52FF2A750F8C4DB87FD891C1E58C1428C78
                                                                                                                                                                        SHA-512:16D45A81F7F4606EDA9D12A8B1DA06E3C866B11BDC0C92A4022BFB8D02B885D8F028457CF23E3F7589DFD191ED7F7FBC68C81B6E1411834EDFCBC9CC85E0DC4D
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):5245458
                                                                                                                                                                        Entropy (8bit):7.995476669559971
                                                                                                                                                                        Encrypted:true
                                                                                                                                                                        SSDEEP:98304:HLYxfQVcnNWz49PDq2AwpmqdhBh1Dd42cjrwrbHw4o0DPelwG3RC:H0pQGcMButuBhpd4jkrU4oeelrRC
                                                                                                                                                                        MD5:7D5065ECBA284ED704040FCA1C821922
                                                                                                                                                                        SHA1:095FCC890154A52AD1998B4B1E318F99B3E5D6B8
                                                                                                                                                                        SHA-256:A10C3D236246E001CB9D434A65FC3E8AA7ACDDDDD9608008DB5C5C73DEE0BA1F
                                                                                                                                                                        SHA-512:521B2266E3257ADAA775014F77B0D512FF91B087C2572359D68FFE633B57A423227E3D5AF8EE4494538F1D09AA45FFA1FE8E979814178512C37F7088DDD7995D
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):47065574
                                                                                                                                                                        Entropy (8bit):6.227439719454162
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:786432:x/WyMZYSu7PNAZKRP4QDM0WyIzANtP6ChuVc:VuZWGdzANtP6ChuVc
                                                                                                                                                                        MD5:7EE146452B3A44DAD419D9E8FBAEED1E
                                                                                                                                                                        SHA1:3EEE03919925951CE50A8DD10133825CA31CBF2C
                                                                                                                                                                        SHA-256:52CF6C92F9EDA76A95BE1B6218BABC24137C9D94FF2594B4C388BB480ACBD29B
                                                                                                                                                                        SHA-512:BEA2A809AF42ECEDA731202C8CADEE74403415BF7EEA218CFE016B50888372D6AB848056B291C1D53A6C15D5E39E95082ED5F874C28AB96F75ACB40F6E3EC1D4
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:....X...T...N...{"files":{"app.js":{"size":400829,"integrity":{"algorithm":"SHA256","hash":"41930f1b80ff6a7b200b017b784a24f3ac889bc6d38f98dfeb6e461ea06048b6","blockSize":4194304,"blocks":["41930f1b80ff6a7b200b017b784a24f3ac889bc6d38f98dfeb6e461ea06048b6"]},"offset":"0"},"package.json":{"size":312,"integrity":{"algorithm":"SHA256","hash":"2817d86f2afa85d5f48a912fdfee8ce181926da19fbf168b21f852675c4fc17d","blockSize":4194304,"blocks":["2817d86f2afa85d5f48a912fdfee8ce181926da19fbf168b21f852675c4fc17d"]},"offset":"400829"},"node_modules":{"files":{"agent-base":{"files":{"package.json":{"size":1198,"integrity":{"algorithm":"SHA256","hash":"1c22afa50ae7fedb6d51d34394cccb31fc4ed27163271d3060355b044a5b5777","blockSize":4194304,"blocks":["1c22afa50ae7fedb6d51d34394cccb31fc4ed27163271d3060355b044a5b5777"]},"offset":"2015156"},"src":{"files":{"index.ts":{"size":9018,"integrity":{"algorithm":"SHA256","hash":"63b9c52366354393361bbbd40158a3051d39a6e2db4ce564418e01e4ecd1bc64","blockSize":4194304,"bloc
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):107520
                                                                                                                                                                        Entropy (8bit):6.442687067441468
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
                                                                                                                                                                        MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                                                                                        SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                                                                                        SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                                                                                        SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B..O..............h.......j.q.....k.....e......e......e.......zR........._...h......h.f.............h......Rich....................PE..L......W............................l........0....@.......................................@....................................P.......x.......................T.......p...............................@............0..$............................text............................... ..`.rdata...k...0...l..................@..@.data...............................@....gfids..............................@..@.rsrc...x...........................@..@.reloc..T...........................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):220112
                                                                                                                                                                        Entropy (8bit):3.855980291560132
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:PCwB4XM5LZsfo0p7SnaCCz3wqTYLmN6hdSajAvDGc/dH4WBlkwHvwi0UQn1nWIa3:KwNsf5PBt
                                                                                                                                                                        MD5:916127734BC7C5B0DB478191A37FC19A
                                                                                                                                                                        SHA1:F9D868C2578F14513FCB95E109AEC795C98DBBA3
                                                                                                                                                                        SHA-256:E19ED7FB96E19BB5BFE791DF03561D654EA5D52021C3403A2652F439A8D77801
                                                                                                                                                                        SHA-512:D291B26568572D5777B036577DDF30C1B6C6C41E9D53EF2D8AF735DB001EA5C568371F3907FBFFC02FEEE628F0F29AFB718AE5DEB32FF245A37947A7B1B9C297
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):523336
                                                                                                                                                                        Entropy (8bit):5.1733870178138
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:51ZU4IFZ/X+KBIViMMg8zYOK8B4UnK83ItBaUHK:nZaZ/OiY2BnrUAF
                                                                                                                                                                        MD5:4F4D00247758C684C295243DDEDD2948
                                                                                                                                                                        SHA1:F8E8FC6C22FDE9DF1D60C329E38B38A85F96BB69
                                                                                                                                                                        SHA-256:4EA84C4465EEA20B46E6DED30F711F1E0D61E15574D861B0210819ABD5E895E5
                                                                                                                                                                        SHA-512:2C335672979114BD68FF6F1B1B94235FBF072FE8642CAD1F7D61855B92741F0633FA0CCB77CD520BE560DB2D3AC75F9BE08E22806487BF5D3045781E3903AD45
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):4691456
                                                                                                                                                                        Entropy (8bit):6.674054781171017
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:98304:x2GmsucG1vUTM3SFhCrHglx7LQDCwchuW6ugI:cuuF4XhCGLQDCaI
                                                                                                                                                                        MD5:65A5705D95A0820740B3396851FF1751
                                                                                                                                                                        SHA1:A692A80BAFC41BA1B29EF19890F8465B3FB20DCB
                                                                                                                                                                        SHA-256:4C4B935CBB320033F504A89B1EB0A4BCB176BBD46A5981153CB1F54DEB146A1C
                                                                                                                                                                        SHA-512:0C5DF23B96EAF952C4A498FF6D854DF2B62E7631B16C2855ED37DDBADFFBA3DD52E7450F2E06CF094BEC2E0D70D14C87A652150766D90EC8662E03123DF5942D
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106
                                                                                                                                                                        Entropy (8bit):4.724752649036734
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                        MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                        SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                        SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                        SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):804864
                                                                                                                                                                        Entropy (8bit):6.7728821881501
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:cJObHhG7TEnCGlrpZpjL4TB46Z5WODYsHh6g3P0zAk722:c0c7TECgpZpju46Z5WODYsHh6g3P0zA+
                                                                                                                                                                        MD5:A947C5D8FEC95A0F24B4143CED301209
                                                                                                                                                                        SHA1:EBF3089985377A58B8431A14E22A814857287AAF
                                                                                                                                                                        SHA-256:29CB256921A1B0F222C82650469D534CCDF038D1F395B3AAA9F1086918F5D3FA
                                                                                                                                                                        SHA-512:75F5E055F4422B5558FC1CB3EA84FB7CBEAAE6F71C786CC06C295D4AB51C0B1C84E28A7C89FE544F007DBE8E612BED4059139F1575934FE4BAC8E538C674EBD3
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):9216
                                                                                                                                                                        Entropy (8bit):5.5347224014600345
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
                                                                                                                                                                        MD5:17309E33B596BA3A5693B4D3E85CF8D7
                                                                                                                                                                        SHA1:7D361836CF53DF42021C7F2B148AEC9458818C01
                                                                                                                                                                        SHA-256:996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
                                                                                                                                                                        SHA-512:1ABAC3CE4F2D5E4A635162E16CF9125E059BA1539F70086C2D71CD00D41A6E2A54D468E6F37792E55A822D7082FB388B8DFECC79B59226BBB047B7D28D44D298
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):102400
                                                                                                                                                                        Entropy (8bit):6.729923587623207
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
                                                                                                                                                                        MD5:C6A6E03F77C313B267498515488C5740
                                                                                                                                                                        SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                                                                                        SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                                                                                        SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                        Entropy (8bit):5.719859767584478
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
                                                                                                                                                                        MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                                                                        SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                                                                        SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                                                                        SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:7-zip archive data, version 0.4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):77525074
                                                                                                                                                                        Entropy (8bit):7.999994689912784
                                                                                                                                                                        Encrypted:true
                                                                                                                                                                        SSDEEP:1572864:16LBYHVOX88i6YQi2JrydyHM/gJnsI0SNcucgzxTMWIyrA8xM:gucsmR3rEysYJnsqN0QMWVA5
                                                                                                                                                                        MD5:6B3CE4218942339696BB76C27F0EB4AB
                                                                                                                                                                        SHA1:A7ABD67F19A98913566CD8FF25F9B2260EE09F5B
                                                                                                                                                                        SHA-256:720CD9E1E0157AA81CF32E61A1449C9985D0427D0B5C82FEECB965B1802F3868
                                                                                                                                                                        SHA-512:369ED5D540B3F398F5318C1F002386A69BDE0CAAA71DCF338C5FFFC9B871BB4497AA018D5CE9BF49FE06218A1074CF3507BB688E8F827A2DEDD8F7F48844D227
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Users\user\Desktop\ShadowFury.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):434176
                                                                                                                                                                        Entropy (8bit):6.584811966667578
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
                                                                                                                                                                        MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                                                                        SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                                                                        SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                                                                        SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L.6a..X2..X2..X2m.[3..X2m.]3..X2Z.]3+.X2Z.\3..X2Z.[3..X2m.\3..X2m.Y3..X2..Y2..X2..\3#.X2..]3..X2..X3..X2...2..X2...2..X2..Z3..X2Rich..X2........PE..L.....\...........!......................... ...............................@............@..........................6.......7..d................................E.....................................@............ ...............................text............................... ..`.rdata..8"... ...$..................@..@.data........P... ...6..............@....rsrc................V..............@..@.reloc...E.......F...Z..............@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                        Category:modified
                                                                                                                                                                        Size (bytes):389
                                                                                                                                                                        Entropy (8bit):5.635852814689077
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:YKWSg99rrt+JzGAwTVro6MdsNytxIE7Ll1:YKWfrrt8zGbTV86MZIi
                                                                                                                                                                        MD5:28F6A2A3F9140036CEE3E232FE615C2C
                                                                                                                                                                        SHA1:76B6B5435879ED1B898F65AEDEAB3CA070883989
                                                                                                                                                                        SHA-256:97F4485AC188C7410E56696526AAA215672D97E8E222218C2909AB239DC06D3E
                                                                                                                                                                        SHA-512:11E1F96A6E315190043DDF8A6BC13CFEBF479D45B0C9488A6DF7447BA48AB1DADC59CF2029F1B0A7206EDF984FC0C6AA3F6FB25ED8E3944081159082C399827A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPfBCMf1XfSZ8Dz9/MKWe5AAAAAAIAAAAAABBmAAAAAQAAIAAAAB1JRjarqm3T/pk+tu+gcHoajICMHJmbI3su0io1nSjoAAAAAA6AAAAAAgAAIAAAAJybsYcPI+E4OKewH2bR1gC+JBYVwlDZXNn5rBjnIcgIMAAAAKRtTWp/ytkJLNlSnxERYaRCtD6R2pprztnzbJLKZMZyaI1mak+NYms+ENp9HusiNEAAAAC6yhgTNPYczyR6TOhOOLl/F5+Gxwe7AQ+TvRPfZZNzvqD7JPVTk9+VgaG85IiVe9ifEO795BUUtlSATR6iWcti"}}
                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):389
                                                                                                                                                                        Entropy (8bit):5.635852814689077
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:YKWSg99rrt+JzGAwTVro6MdsNytxIE7Ll1:YKWfrrt8zGbTV86MZIi
                                                                                                                                                                        MD5:28F6A2A3F9140036CEE3E232FE615C2C
                                                                                                                                                                        SHA1:76B6B5435879ED1B898F65AEDEAB3CA070883989
                                                                                                                                                                        SHA-256:97F4485AC188C7410E56696526AAA215672D97E8E222218C2909AB239DC06D3E
                                                                                                                                                                        SHA-512:11E1F96A6E315190043DDF8A6BC13CFEBF479D45B0C9488A6DF7447BA48AB1DADC59CF2029F1B0A7206EDF984FC0C6AA3F6FB25ED8E3944081159082C399827A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPfBCMf1XfSZ8Dz9/MKWe5AAAAAAIAAAAAABBmAAAAAQAAIAAAAB1JRjarqm3T/pk+tu+gcHoajICMHJmbI3su0io1nSjoAAAAAA6AAAAAAgAAIAAAAJybsYcPI+E4OKewH2bR1gC+JBYVwlDZXNn5rBjnIcgIMAAAAKRtTWp/ytkJLNlSnxERYaRCtD6R2pprztnzbJLKZMZyaI1mak+NYms+ENp9HusiNEAAAAC6yhgTNPYczyR6TOhOOLl/F5+Gxwe7AQ+TvRPfZZNzvqD7JPVTk9+VgaG85IiVe9ifEO795BUUtlSATR6iWcti"}}
                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                        Category:modified
                                                                                                                                                                        Size (bytes):389
                                                                                                                                                                        Entropy (8bit):5.610943741341332
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:YKWSg99rrt+JzCPbzpYfzZ6kNheUl1maY:YKWfrrt8zCP8NheUJY
                                                                                                                                                                        MD5:28445A9D3BCC265CB7B45D2144ABE752
                                                                                                                                                                        SHA1:5B8F3BAFE5A57A8C5AE681B069DFCAD979D4F40C
                                                                                                                                                                        SHA-256:6B8B6D64313BACEED871BB4B03D955B1F1684C35D59803D37BE72E20FA00CA1C
                                                                                                                                                                        SHA-512:6578C9B2FC8FC323813092DB226BA77AF5F74ECE406A28D443B4CAD0AD6900AFFEC13AA30FD57578E6C9CCB3F14953DA56D339C2BDB0DF996527A1CB67471077
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPfBCMf1XfSZ8Dz9/MKWe5AAAAAAIAAAAAABBmAAAAAQAAIAAAAOBHLHno+N7ApCAff/ebRHHEztebLO9xOQSolWqGIrLNAAAAAA6AAAAAAgAAIAAAAN/p+F8oHqwL3JFbDKeq2RLsWpxUxQtfuIrMPi2MqccyMAAAAMoaff5te3JoQqhnEDaHDGjCzu1I9lrT444JMhezQW+GSjyiJQ/25MVY7f6IP2UaZkAAAADcUyGNct03QDDOS8CGGiR1MMxsKJgQHF3azOe+QOqgKZ58Rjg0QY34X7mMVcw2bq3CoLxgbLoQQeJcuf01eByq"}}
                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                        Entropy (8bit):7.9999788477775065
                                                                                                                                                                        TrID:
                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                        File name:ShadowFury.exe
                                                                                                                                                                        File size:78'038'194 bytes
                                                                                                                                                                        MD5:ab51093cc7ee1f15124b3e33c5b29ff0
                                                                                                                                                                        SHA1:3edb90f6654e68eed56acfb14e8af51cca9c293c
                                                                                                                                                                        SHA256:c0010bd39bdd04aee00a67a73c839c05c8972e473075a2a22213351efa818ff5
                                                                                                                                                                        SHA512:a84e9fa513757257e1ac4c1f4ae1bb2c5600ce5f7fd9e8d8ba79cb7404b6466920bbbadc8d5d14630ee4974d730b480ef072b5a1e188033d55c4809f92d4fc48
                                                                                                                                                                        SSDEEP:1572864:YCV6LBYHVOX88i6YQi2JrydyHM/gJnsI0SNcucgzxTMWIyrA8x:YCAucsmR3rEysYJnsqN0QMWVA
                                                                                                                                                                        TLSH:DF0833AC6FD1FC81E0DC3FBA985E7DBBBB2365482D80AD52316865C25832C476D0E52D
                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.
                                                                                                                                                                        Icon Hash:0771ccf8d84d2907
                                                                                                                                                                        Entrypoint:0x40338f
                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                        Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                        File Version Major:4
                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                        Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                                                                        Signature Valid:false
                                                                                                                                                                        Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                        Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                        Error Number:-2146869232
                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                        • 12/05/2022 21:45:59 11/05/2023 21:45:59
                                                                                                                                                                        Subject Chain
                                                                                                                                                                        • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                        Version:3
                                                                                                                                                                        Thumbprint MD5:EAF99B1CDFF361CB066EC1CDB5FD68ED
                                                                                                                                                                        Thumbprint SHA-1:F372C27F6E052A6BE8BAB3112B465C692196CD6F
                                                                                                                                                                        Thumbprint SHA-256:6DFB94C073BA075667FCC19AB327AE679D84F2A2BCF76CC21ABFC9B93FEE61A5
                                                                                                                                                                        Serial:33000002CBB77539FB027142360000000002CB
                                                                                                                                                                        Instruction
                                                                                                                                                                        sub esp, 000002D4h
                                                                                                                                                                        push ebx
                                                                                                                                                                        push esi
                                                                                                                                                                        push edi
                                                                                                                                                                        push 00000020h
                                                                                                                                                                        pop edi
                                                                                                                                                                        xor ebx, ebx
                                                                                                                                                                        push 00008001h
                                                                                                                                                                        mov dword ptr [esp+14h], ebx
                                                                                                                                                                        mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                        mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                        call dword ptr [004080A8h]
                                                                                                                                                                        call dword ptr [004080A4h]
                                                                                                                                                                        and eax, BFFFFFFFh
                                                                                                                                                                        cmp ax, 00000006h
                                                                                                                                                                        mov dword ptr [0047AEECh], eax
                                                                                                                                                                        je 00007F7A18AD2493h
                                                                                                                                                                        push ebx
Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19b000 | 0x5958 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4a69cfa | 0x27b8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6627 | 0x6800 | 7618d4c0cd8bb67ea9595b4266b3a91f | False | 0.6646259014423077 | data | 6.450282348506287 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a2 | 0x1600 | eecac1fed9cc6b447d50940d178404d8 | False | 0.4405184659090909 | data | 5.025178929113415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x70ff8 | 0x600 | db8f31a08a2242d80c29e1f9500c6527 | False | 0.5182291666666666 | data | 4.037117731448378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7b000 | 0x120000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x19b000 | 0x5958 | 0x5a00 | 9bf0d586e66a5720de001190e246aae7 | False | 0.49466145833333336 | data | 5.4483294178311805 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x19b5c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.7213883677298312
RT_ICON | 0x19c670 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688, 256 important colors | English | United States | 0.6751066098081023
RT_ICON | 0x19d518 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors | English | United States | 0.7851985559566786
RT_ICON | 0x19ddc0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.6560693641618497
RT_ICON | 0x19e328 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.8031914893617021
RT_ICON | 0x19e790 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.3118279569892473
RT_ICON | 0x19ea78 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.36824324324324326
RT_DIALOG | 0x19eba0 | 0x202 | data | English | United States | 0.4085603112840467
RT_DIALOG | 0x19eda8 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x19eea0 | 0xee | data | English | United States | 0.6260504201680672
RT_DIALOG | 0x19ef90 | 0x1fa | data | English | United States | 0.40118577075098816
RT_DIALOG | 0x19f190 | 0xf0 | data | English | United States | 0.6666666666666666
RT_DIALOG | 0x19f280 | 0xe6 | data | English | United States | 0.6565217391304348
RT_DIALOG | 0x19f368 | 0x1ee | data | English | United States | 0.38866396761133604
RT_DIALOG | 0x19f558 | 0xe4 | data | English | United States | 0.6447368421052632
RT_DIALOG | 0x19f640 | 0xda | data | English | United States | 0.6422018348623854
RT_DIALOG | 0x19f720 | 0x1ee | data | English | United States | 0.3866396761133603
RT_DIALOG | 0x19f910 | 0xe4 | data | English | United States | 0.6359649122807017
RT_DIALOG | 0x19f9f8 | 0xda | data | English | United States | 0.6376146788990825
RT_DIALOG | 0x19fad8 | 0x1f2 | data | English | United States | 0.39759036144578314
RT_DIALOG | 0x19fcd0 | 0xe8 | data | English | United States | 0.6508620689655172
RT_DIALOG | 0x19fdb8 | 0xde | data | English | United States | 0.6486486486486487
RT_DIALOG | 0x19fe98 | 0x202 | data | English | United States | 0.42217898832684825
RT_DIALOG | 0x1a00a0 | 0xf8 | data | English | United States | 0.6653225806451613
RT_DIALOG | 0x1a0198 | 0xee | data | English | United States | 0.6512605042016807
RT_GROUP_ICON | 0x1a0288 | 0x68 | data | English | United States | 0.6634615384615384
RT_VERSION | 0x1a02f0 | 0x240 | data | English | United States | 0.4791666666666667
RT_MANIFEST | 0x1a0530 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076
DLL | Import
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/23/24-08:29:13.619521 | UDP | 2018316 | ET TROJAN Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses | 53 | 52676 | 1.1.1.1 | 192.168.2.6
04/23/24-08:31:15.600449 | UDP | 2018316 | ET TROJAN Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses | 53 | 58047 | 1.1.1.1 | 192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                        Apr 23, 2024 08:43:16.039901972 CEST44349743162.159.61.3192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:16.040028095 CEST49743443192.168.2.4162.159.61.3
                                                                                                                                                                        Apr 23, 2024 08:43:16.043570995 CEST49743443192.168.2.4162.159.61.3
                                                                                                                                                                        Apr 23, 2024 08:43:16.043652058 CEST49743443192.168.2.4162.159.61.3
                                                                                                                                                                        Apr 23, 2024 08:43:16.043683052 CEST44349743162.159.61.3192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:16.117935896 CEST49743443192.168.2.4162.159.61.3
                                                                                                                                                                        Apr 23, 2024 08:43:16.117974997 CEST44349743162.159.61.3192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:16.256931067 CEST44349743162.159.61.3192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:16.257158041 CEST49743443192.168.2.4162.159.61.3
                                                                                                                                                                        Apr 23, 2024 08:43:16.330570936 CEST49743443192.168.2.4162.159.61.3
                                                                                                                                                                        Apr 23, 2024 08:43:16.330600023 CEST44349743162.159.61.3192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:20.544013977 CEST49744443192.168.2.434.117.186.192
                                                                                                                                                                        Apr 23, 2024 08:43:20.544080973 CEST4434974434.117.186.192192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:20.544157028 CEST49744443192.168.2.434.117.186.192
                                                                                                                                                                        Apr 23, 2024 08:43:20.545672894 CEST49744443192.168.2.434.117.186.192
                                                                                                                                                                        Apr 23, 2024 08:43:20.545691013 CEST4434974434.117.186.192192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:20.803208113 CEST4434974434.117.186.192192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:20.803941965 CEST49744443192.168.2.434.117.186.192
                                                                                                                                                                        Apr 23, 2024 08:43:20.803972006 CEST4434974434.117.186.192192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:20.805490017 CEST4434974434.117.186.192192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:20.805567980 CEST49744443192.168.2.434.117.186.192
                                                                                                                                                                        Apr 23, 2024 08:43:20.808988094 CEST49744443192.168.2.434.117.186.192
                                                                                                                                                                        Apr 23, 2024 08:43:20.809103012 CEST4434974434.117.186.192192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:20.809181929 CEST49744443192.168.2.434.117.186.192
                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                        Apr 23, 2024 08:43:11.565685987 CEST6407253192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:11.654207945 CEST53640721.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:11.932682991 CEST6195853192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:12.065395117 CEST53619581.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:12.106153011 CEST5420053192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:12.107312918 CEST5592053192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:12.194498062 CEST53542001.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:12.195472956 CEST53559201.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:15.762475967 CEST5670553192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:15.762710094 CEST5804253192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:15.850631952 CEST53567051.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:15.851023912 CEST53580421.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:16.587658882 CEST5943253192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:16.714895964 CEST53594321.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:21.776287079 CEST6379953192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:21.864346981 CEST53637991.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:26.587373018 CEST6376053192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:26.676275015 CEST53637601.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:31.587516069 CEST5773253192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:31.711483955 CEST53577321.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:36.588001966 CEST6235153192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:36.711167097 CEST53623511.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:41.587508917 CEST6295853192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:41.679347038 CEST53629581.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:46.588188887 CEST6433453192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:46.676953077 CEST53643341.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:51.590292931 CEST5067653192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:51.678895950 CEST53506761.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:43:56.603728056 CEST5239553192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:43:56.692236900 CEST53523951.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:44:01.590395927 CEST6104153192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:44:01.679141998 CEST53610411.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:44:06.588505983 CEST6430453192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:44:06.677385092 CEST53643041.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:44:11.587629080 CEST5338753192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:44:11.710407019 CEST53533871.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:44:16.587327957 CEST5996853192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:44:16.675872087 CEST53599681.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:44:21.596870899 CEST5227953192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:44:21.732203960 CEST53522791.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:44:26.601044893 CEST5684653192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:44:26.692007065 CEST53568461.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:44:31.726129055 CEST6469753192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:44:31.849442005 CEST53646971.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:44:36.587269068 CEST5885753192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:44:36.677700043 CEST53588571.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:44:41.587172985 CEST5717253192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:44:41.679013014 CEST53571721.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:44:46.588263035 CEST5057853192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:44:46.676953077 CEST53505781.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:44:51.587330103 CEST5071653192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:44:51.678551912 CEST53507161.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:44:56.587059975 CEST6531953192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:44:56.676060915 CEST53653191.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:45:01.587728024 CEST6455053192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:45:01.712510109 CEST53645501.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:45:06.587234020 CEST5923253192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:45:06.676611900 CEST53592321.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:45:11.587196112 CEST6294853192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:45:11.676433086 CEST53629481.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:45:16.588079929 CEST4944353192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:45:16.676398039 CEST53494431.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:45:21.673955917 CEST5792653192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:45:21.797451019 CEST53579261.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:45:26.588320971 CEST6455953192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:45:26.676563025 CEST53645591.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:45:31.587996960 CEST5045653192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:45:31.676742077 CEST53504561.1.1.1192.168.2.4
                                                                                                                                                                        Apr 23, 2024 08:45:36.587455988 CEST6060353192.168.2.41.1.1.1
                                                                                                                                                                        Apr 23, 2024 08:45:36.675966024 CEST53606031.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 23, 2024 08:43:11.565685987 CEST | 192.168.2.4 | 1.1.1.1 | 0x500b | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:11.932682991 CEST | 192.168.2.4 | 1.1.1.1 | 0xe422 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:12.106153011 CEST | 192.168.2.4 | 1.1.1.1 | 0x93a5 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:12.107312918 CEST | 192.168.2.4 | 1.1.1.1 | 0x1312 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Apr 23, 2024 08:43:15.762475967 CEST | 192.168.2.4 | 1.1.1.1 | 0xd20 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:15.762710094 CEST | 192.168.2.4 | 1.1.1.1 | 0xa2e0 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Apr 23, 2024 08:43:16.587658882 CEST | 192.168.2.4 | 1.1.1.1 | 0xf4de | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:21.776287079 CEST | 192.168.2.4 | 1.1.1.1 | 0xd0d7 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:26.587373018 CEST | 192.168.2.4 | 1.1.1.1 | 0x845 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:31.587516069 CEST | 192.168.2.4 | 1.1.1.1 | 0x65e0 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:36.588001966 CEST | 192.168.2.4 | 1.1.1.1 | 0x3f61 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:41.587508917 CEST | 192.168.2.4 | 1.1.1.1 | 0x1e5b | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:46.588188887 CEST | 192.168.2.4 | 1.1.1.1 | 0xf26f | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:51.590292931 CEST | 192.168.2.4 | 1.1.1.1 | 0x190c | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:56.603728056 CEST | 192.168.2.4 | 1.1.1.1 | 0xb3c7 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:01.590395927 CEST | 192.168.2.4 | 1.1.1.1 | 0x6660 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:06.588505983 CEST | 192.168.2.4 | 1.1.1.1 | 0x6c04 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:11.587629080 CEST | 192.168.2.4 | 1.1.1.1 | 0x407f | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:16.587327957 CEST | 192.168.2.4 | 1.1.1.1 | 0xd0b7 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:21.596870899 CEST | 192.168.2.4 | 1.1.1.1 | 0x8932 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:26.601044893 CEST | 192.168.2.4 | 1.1.1.1 | 0x551e | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:31.726129055 CEST | 192.168.2.4 | 1.1.1.1 | 0x8 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:36.587269068 CEST | 192.168.2.4 | 1.1.1.1 | 0x1845 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:41.587172985 CEST | 192.168.2.4 | 1.1.1.1 | 0x1ad4 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:46.588263035 CEST | 192.168.2.4 | 1.1.1.1 | 0xa9f2 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:51.587330103 CEST | 192.168.2.4 | 1.1.1.1 | 0x2f6f | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:56.587059975 CEST | 192.168.2.4 | 1.1.1.1 | 0x319b | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:01.587728024 CEST | 192.168.2.4 | 1.1.1.1 | 0x8fdc | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:06.587234020 CEST | 192.168.2.4 | 1.1.1.1 | 0xde2e | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:11.587196112 CEST | 192.168.2.4 | 1.1.1.1 | 0x6d76 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:16.588079929 CEST | 192.168.2.4 | 1.1.1.1 | 0xeebd | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:21.673955917 CEST | 192.168.2.4 | 1.1.1.1 | 0x7982 | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:26.588320971 CEST | 192.168.2.4 | 1.1.1.1 | 0xeaec | Standard query (0) | illitluckygirl.com | A (IP address) | IN (0x0001) | false
                                                                                                                                                                        Apr 23, 2024 08:45:31.587996960 CEST192.168.2.41.1.1.10x6c51Standard query (0)illitluckygirl.comA (IP address)IN (0x0001)false
                                                                                                                                                                        Apr 23, 2024 08:45:36.587455988 CEST192.168.2.41.1.1.10xf7a8Standard query (0)illitluckygirl.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 23, 2024 08:43:11.654207945 CEST | 1.1.1.1 | 192.168.2.4 | 0x500b | No error (0) | ipinfo.io |  | 34.117.186.192 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:12.065395117 CEST | 1.1.1.1 | 192.168.2.4 | 0xe422 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:12.194498062 CEST | 1.1.1.1 | 192.168.2.4 | 0x93a5 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:12.194498062 CEST | 1.1.1.1 | 192.168.2.4 | 0x93a5 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:12.195472956 CEST | 1.1.1.1 | 192.168.2.4 | 0x1312 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Apr 23, 2024 08:43:15.850631952 CEST | 1.1.1.1 | 192.168.2.4 | 0xd20 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:15.850631952 CEST | 1.1.1.1 | 192.168.2.4 | 0xd20 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:15.851023912 CEST | 1.1.1.1 | 192.168.2.4 | 0xa2e0 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Apr 23, 2024 08:43:16.714895964 CEST | 1.1.1.1 | 192.168.2.4 | 0xf4de | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:21.864346981 CEST | 1.1.1.1 | 192.168.2.4 | 0xd0d7 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:26.676275015 CEST | 1.1.1.1 | 192.168.2.4 | 0x845 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:31.711483955 CEST | 1.1.1.1 | 192.168.2.4 | 0x65e0 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:36.711167097 CEST | 1.1.1.1 | 192.168.2.4 | 0x3f61 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:41.679347038 CEST | 1.1.1.1 | 192.168.2.4 | 0x1e5b | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:46.676953077 CEST | 1.1.1.1 | 192.168.2.4 | 0xf26f | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:51.678895950 CEST | 1.1.1.1 | 192.168.2.4 | 0x190c | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:43:56.692236900 CEST | 1.1.1.1 | 192.168.2.4 | 0xb3c7 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:01.679141998 CEST | 1.1.1.1 | 192.168.2.4 | 0x6660 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:06.677385092 CEST | 1.1.1.1 | 192.168.2.4 | 0x6c04 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:11.710407019 CEST | 1.1.1.1 | 192.168.2.4 | 0x407f | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:16.675872087 CEST | 1.1.1.1 | 192.168.2.4 | 0xd0b7 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:21.732203960 CEST | 1.1.1.1 | 192.168.2.4 | 0x8932 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:26.692007065 CEST | 1.1.1.1 | 192.168.2.4 | 0x551e | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:31.849442005 CEST | 1.1.1.1 | 192.168.2.4 | 0x8 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:36.677700043 CEST | 1.1.1.1 | 192.168.2.4 | 0x1845 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:41.679013014 CEST | 1.1.1.1 | 192.168.2.4 | 0x1ad4 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:46.676953077 CEST | 1.1.1.1 | 192.168.2.4 | 0xa9f2 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:51.678551912 CEST | 1.1.1.1 | 192.168.2.4 | 0x2f6f | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:44:56.676060915 CEST | 1.1.1.1 | 192.168.2.4 | 0x319b | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:01.712510109 CEST | 1.1.1.1 | 192.168.2.4 | 0x8fdc | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:06.676611900 CEST | 1.1.1.1 | 192.168.2.4 | 0xde2e | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:11.676433086 CEST | 1.1.1.1 | 192.168.2.4 | 0x6d76 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:16.676398039 CEST | 1.1.1.1 | 192.168.2.4 | 0xeebd | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:21.797451019 CEST | 1.1.1.1 | 192.168.2.4 | 0x7982 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:26.676563025 CEST | 1.1.1.1 | 192.168.2.4 | 0xeaec | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:31.676742077 CEST | 1.1.1.1 | 192.168.2.4 | 0x6c51 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
Apr 23, 2024 08:45:36.675966024 CEST | 1.1.1.1 | 192.168.2.4 | 0xf7a8 | Name error (3) | illitluckygirl.com | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                                                        • chrome.cloudflare-dns.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49742 | 162.159.61.3 | 443 | 7572 | C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-23 06:43:12 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                        2024-04-23 06:43:12 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-04-23 06:43:12 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        Date: Tue, 23 Apr 2024 06:43:12 GMT
                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                        CF-RAY: 878be0c38963727a-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        2024-04-23 06:43:12 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 b9 00 04 8e fb 28 a3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                        Data Ascii: wwwgstaticcom()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49743 | 162.159.61.3 | 443 | 4088 | C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-23 06:43:16 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                        2024-04-23 06:43:16 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-04-23 06:43:16 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                        Date: Tue, 23 Apr 2024 06:43:16 GMT
                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                        CF-RAY: 878be0da5983c32d-EWR
                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                        2024-04-23 06:43:16 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 fb 00 04 8e fa 51 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                        Data Ascii: wwwgstaticcomQ)



Target ID: 0
Start time: 08:42:30
Start date: 23/04/2024
Path: C:\Users\user\Desktop\ShadowFury.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\ShadowFury.exe"
Imagebase: 0x400000
File size: 78'038'194 bytes
MD5 hash: AB51093CC7EE1F15124B3E33C5B29FF0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 4
Start time: 08:42:55
Start date: 23/04/2024
Path: C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe"
Imagebase: 0x1b0000
File size: 138'321'408 bytes
MD5 hash: 40C4CD50211B681DD8FB792E61C1528A
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 3%, Virustotal, Browse
• Detection: 0%, ReversingLabs
Reputation: low
Has exited: false

                                                                                                                                                                        Target ID:7
                                                                                                                                                                        Start time:08:42:58
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "chcp"
                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:8
                                                                                                                                                                        Start time:08:42:58
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0xce0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:9
                                                                                                                                                                        Start time:08:42:58
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\SysWOW64\chcp.com
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:chcp
                                                                                                                                                                        Imagebase:0x30000
                                                                                                                                                                        File size:12'800 bytes
                                                                                                                                                                        MD5 hash:20A59FB950D8A191F7D35C4CA7DA9CAF
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:10
                                                                                                                                                                        Start time:08:42:58
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:11
                                                                                                                                                                        Start time:08:42:58
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:12
                                                                                                                                                                        Start time:08:42:58
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                        Imagebase:0xfb0000
                                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:13
                                                                                                                                                                        Start time:08:42:58
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                        Imagebase:0xfb0000
                                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:14
                                                                                                                                                                        Start time:08:42:58
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:15
                                                                                                                                                                        Start time:08:42:58
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                        Imagebase:0xfb0000
                                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:16
                                                                                                                                                                        Start time:08:42:58
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:17
                                                                                                                                                                        Start time:08:42:58
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:18
                                                                                                                                                                        Start time:08:43:00
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                                                                                                                                        Imagebase:0x1b0000
                                                                                                                                                                        File size:138'321'408 bytes
                                                                                                                                                                        MD5 hash:40C4CD50211B681DD8FB792E61C1528A
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:false

                                                                                                                                                                        Target ID:19
                                                                                                                                                                        Start time:08:43:05
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --mojo-platform-channel-handle=2136 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
                                                                                                                                                                        Imagebase:0x1b0000
                                                                                                                                                                        File size:138'321'408 bytes
                                                                                                                                                                        MD5 hash:40C4CD50211B681DD8FB792E61C1528A
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:false

                                                                                                                                                                        Target ID:20
                                                                                                                                                                        Start time:08:43:05
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe"
                                                                                                                                                                        Imagebase:0x1b0000
                                                                                                                                                                        File size:138'321'408 bytes
                                                                                                                                                                        MD5 hash:40C4CD50211B681DD8FB792E61C1528A
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:false

                                                                                                                                                                        Target ID:21
                                                                                                                                                                        Start time:08:43:07
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "chcp"
                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:22
                                                                                                                                                                        Start time:08:43:07
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:23
                                                                                                                                                                        Start time:08:43:07
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\SysWOW64\chcp.com
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:chcp
                                                                                                                                                                        Imagebase:0x30000
                                                                                                                                                                        File size:12'800 bytes
                                                                                                                                                                        MD5 hash:20A59FB950D8A191F7D35C4CA7DA9CAF
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:24
                                                                                                                                                                        Start time:08:43:07
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /d /s /c "echo %COMPUTERNAME%.%USERDNSDOMAIN%"
                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:25
                                                                                                                                                                        Start time:08:43:07
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:26
                                                                                                                                                                        Start time:08:43:07
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                        Imagebase:0xfb0000
                                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:27
                                                                                                                                                                        Start time:08:43:07
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                        Imagebase:0xfb0000
                                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:28
                                                                                                                                                                        Start time:08:43:07
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:29
                                                                                                                                                                        Start time:08:43:07
                                                                                                                                                                        Start date:23/04/2024
                                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:powershell.exe -NoProfile -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
                                                                                                                                                                        Imagebase:0xfb0000
                                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

Target ID:30
Start time:08:43:07
Start date:23/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:08:43:07
Start date:23/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:08:43:08
Start date:23/04/2024
Path:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Imagebase:0x1b0000
File size:138'321'408 bytes
MD5 hash:40C4CD50211B681DD8FB792E61C1528A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:33
Start time:08:43:09
Start date:23/04/2024
Path:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --mojo-platform-channel-handle=2164 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Imagebase:0x1b0000
File size:138'321'408 bytes
MD5 hash:40C4CD50211B681DD8FB792E61C1528A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:34
Start time:08:43:10
Start date:23/04/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:08:43:10
Start date:23/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:08:43:10
Start date:23/04/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Imagebase:0xe0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:37
Start time:08:43:19
Start date:23/04/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /d /s /c "findstr /C:"Detected boot environment" "%windir%\Panther\setupact.log""
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:08:43:19
Start date:23/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:08:43:19
Start date:23/04/2024
Path:C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):true
Commandline:findstr /C:"Detected boot environment" "C:\Windows\Panther\setupact.log"
Imagebase:0xe0000
File size:29'696 bytes
MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:41
Start time:08:45:00
Start date:23/04/2024
Path:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1976,i,5983286272222929098,2111862597278059386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Imagebase:0x1b0000
File size:138'321'408 bytes
MD5 hash:40C4CD50211B681DD8FB792E61C1528A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:08:45:08
Start date:23/04/2024
Path:C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Programs\ShadowFury\ShadowFury.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\ShadowFury" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1444 --field-trial-handle=1972,i,18180359127166526210,17872614602038801051,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Imagebase:0x1b0000
File size:138'321'408 bytes
MD5 hash:40C4CD50211B681DD8FB792E61C1528A
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

No disassembly