Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
EasyWay.exe

Overview

General Information

Sample name:EasyWay.exe
Analysis ID:1632998
MD5:c126b002c65e7cac9125b42ed946fb46
SHA1:d58c2ec7ecd3823afcde4f9f32d8d44fee253247
SHA256:38d0913c2700b23f2e7f8196d570b3112ecc205651cab4f079e53a93b81be5f3
Tags:exeuser-TornadoAV_dev
Infos:

Detection

LummaC Stealer
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • EasyWay.exe (PID: 8620 cmdline: "C:\Users\user\Desktop\EasyWay.exe" MD5: C126B002C65E7CAC9125B42ED946FB46)
    • conhost.exe (PID: 8632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • EasyWay.exe (PID: 8676 cmdline: "C:\Users\user\Desktop\EasyWay.exe" MD5: C126B002C65E7CAC9125B42ED946FB46)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000003.2391723882.000000000146F000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000002.00000003.2244122202.000000000145F000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000002.00000003.2318388888.000000000145F000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000002.00000003.2280734084.000000000145F000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000002.00000003.2319117549.000000000145F000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Click to see the 10 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            2.2.EasyWay.exe.400000.0.raw.unpackJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
              2.2.EasyWay.exe.400000.0.unpackJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2025-03-09T15:33:14.296017+010020283713Unknown Traffic192.168.2.549710149.154.167.99443TCP
                2025-03-09T15:33:19.240689+010020283713Unknown Traffic192.168.2.549711172.67.205.192443TCP
                2025-03-09T15:33:32.249369+010020283713Unknown Traffic192.168.2.549716172.67.205.192443TCP
                2025-03-09T15:33:36.607605+010020283713Unknown Traffic192.168.2.549719188.114.97.3443TCP
                2025-03-09T15:33:44.719390+010020283713Unknown Traffic192.168.2.549724104.21.64.1443TCP
                2025-03-09T15:33:53.008721+010020283713Unknown Traffic192.168.2.549727188.114.97.3443TCP
                2025-03-09T15:34:01.637925+010020283713Unknown Traffic192.168.2.549730188.114.97.3443TCP
                2025-03-09T15:34:09.990125+010020283713Unknown Traffic192.168.2.549733104.21.80.1443TCP
                2025-03-09T15:34:18.558736+010020283713Unknown Traffic192.168.2.549737104.21.112.1443TCP
                2025-03-09T15:34:26.910812+010020283713Unknown Traffic192.168.2.549740104.21.112.1443TCP
                2025-03-09T15:34:33.510276+010020283713Unknown Traffic192.168.2.54974323.197.127.21443TCP
                2025-03-09T15:34:36.855284+010020283713Unknown Traffic192.168.2.549744188.114.96.3443TCP
                2025-03-09T15:34:40.467825+010020283713Unknown Traffic192.168.2.54974523.197.127.21443TCP
                2025-03-09T15:34:43.987147+010020283713Unknown Traffic192.168.2.549746188.114.96.3443TCP
                2025-03-09T15:34:47.609075+010020283713Unknown Traffic192.168.2.54974723.197.127.21443TCP
                2025-03-09T15:34:50.882478+010020283713Unknown Traffic192.168.2.549748188.114.96.3443TCP
                2025-03-09T15:34:55.172383+010020283713Unknown Traffic192.168.2.54974923.197.127.21443TCP
                2025-03-09T15:34:58.427510+010020283713Unknown Traffic192.168.2.549750188.114.96.3443TCP
                2025-03-09T15:35:03.269083+010020283713Unknown Traffic192.168.2.54975123.197.127.21443TCP
                2025-03-09T15:35:06.565860+010020283713Unknown Traffic192.168.2.549752188.114.96.3443TCP
                2025-03-09T15:35:10.723080+010020283713Unknown Traffic192.168.2.54975323.197.127.21443TCP
                2025-03-09T15:35:13.997193+010020283713Unknown Traffic192.168.2.549754188.114.96.3443TCP
                2025-03-09T15:35:19.018803+010020283713Unknown Traffic192.168.2.54975523.192.247.89443TCP
                2025-03-09T15:35:22.568098+010020283713Unknown Traffic192.168.2.549756188.114.96.3443TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus detection for URL or domain
                Source: https://sterpickced.digital/plSOz9FAvira URL Cloud: Label: malware
                Source: https://sterpickced.digital/Avira URL Cloud: Label: malware
                Multi AV Scanner detection for submitted file
                Source: EasyWay.exeVirustotal: Detection: 34%Perma Link
                Source: EasyWay.exeReversingLabs: Detection: 39%
                Joe Sandbox ML detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.2% probability
                Sample uses string decryption to hide its real strings
                Source: 00000000.00000002.1310600652.0000000000C7A000.00000004.00000020.00020000.00000000.sdmpString decryptor: astralconnec.icu/DPowko
                Source: 00000000.00000002.1310600652.0000000000C7A000.00000004.00000020.00020000.00000000.sdmpString decryptor: begindecafer.world/QwdZdf
                Source: 00000000.00000002.1310600652.0000000000C7A000.00000004.00000020.00020000.00000000.sdmpString decryptor: garagedrootz.top/oPsoJAN
                Source: 00000000.00000002.1310600652.0000000000C7A000.00000004.00000020.00020000.00000000.sdmpString decryptor: modelshiverd.icu/bJhnsj
                Source: 00000000.00000002.1310600652.0000000000C7A000.00000004.00000020.00020000.00000000.sdmpString decryptor: arisechairedd.shop/JnsHY
                Source: 00000000.00000002.1310600652.0000000000C7A000.00000004.00000020.00020000.00000000.sdmpString decryptor: catterjur.run/boSnzhu
                Source: 00000000.00000002.1310600652.0000000000C7A000.00000004.00000020.00020000.00000000.sdmpString decryptor: orangemyther.live/IozZ
                Source: 00000000.00000002.1310600652.0000000000C7A000.00000004.00000020.00020000.00000000.sdmpString decryptor: fostinjec.today/LksNAz
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041F853 CryptUnprotectData,2_2_0041F853
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041EB15 CryptUnprotectData,2_2_0041EB15
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00420409 CryptUnprotectData,2_2_00420409
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041EB15 CryptUnprotectData,2_2_0041EB15
                Source: EasyWay.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49710 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.5:49743 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49744 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.5:49745 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49746 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.5:49747 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49748 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.5:49749 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49750 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.5:49751 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49752 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.5:49753 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49754 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.192.247.89:443 -> 192.168.2.5:49755 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49756 version: TLS 1.2
                Source: EasyWay.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0057AA8E FindFirstFileExW,0_2_0057AA8E
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0057AB3F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_0057AB3F
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0057AA8E FindFirstFileExW,2_2_0057AA8E
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0057AB3F FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_0057AB3F
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then cmp word ptr [edi+ebx], 0000h2_2_0044D050
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov edx, dword ptr [ecx+esi+3Ch]2_2_00448810
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx]2_2_0044E270
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-41150A26h]2_2_0040DA90
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 93A82FD1h2_2_0041EB15
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov edi, eax2_2_00420409
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then lea eax, dword ptr [edi+04h]2_2_00420409
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov byte ptr [ebx], al2_2_00437C3B
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 5F115B3Dh2_2_0044DCE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+50h]2_2_00444C80
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx eax, byte ptr [esp+ecx+50h]2_2_00444C80
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esp+ebp+4Ch]2_2_0040F560
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-475591A2h]2_2_00430560
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-66954A28h]2_2_00430560
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+7Ch]2_2_00438510
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-002B3584h]2_2_0041AD30
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-63AEBA9Ch]2_2_00421670
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-63AEBAACh]2_2_00421670
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov word ptr [edi], cx2_2_0042A850
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov byte ptr [ebx], al2_2_00438055
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov byte ptr [ebx], al2_2_0043806B
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+34h]2_2_00433810
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-3C0FFEB8h]2_2_004468A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov byte ptr [eax], cl2_2_0041B949
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax-63AEBA9Ch]2_2_0041B949
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov word ptr [edx], cx2_2_0041B949
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 93A82FD1h2_2_0043215F
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-669549ECh]2_2_0043215F
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov ecx, dword ptr [edx+eax]2_2_0043215F
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx eax, byte ptr [esp+edx-04A90FF0h]2_2_00445960
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-2196A972h]2_2_00449130
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0424B4BAh]2_2_004379C1
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 93A82FD1h2_2_0041EB15
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov eax, dword ptr [edi+0Ch]2_2_004019E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+24h]2_2_004309F0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov esi, ecx2_2_00424980
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax-63AEBA9Ch]2_2_0041D19D
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 93A82FD1h2_2_004321AE
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-669549ECh]2_2_004321AE
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 93A82FD1h2_2_0041F9BA
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov edx, ecx2_2_00423A40
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov edx, ecx2_2_00423A40
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov ebp, eax2_2_00408A70
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax-63AEBA9Ch]2_2_0041D27A
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]2_2_00426A30
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]2_2_0040A2F0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]2_2_0040A2F0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 93A82FD1h2_2_00432288
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-669549ECh]2_2_00432288
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then jmp eax2_2_00432297
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+1Ch]2_2_0042A370
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov dword ptr [esp], edx2_2_00436300
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then jmp eax2_2_0041E333
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0424B4BAh]2_2_004379BC
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+34h]2_2_00433810
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax-63AEBA9Ch]2_2_004203F9
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movsx eax, byte ptr [esi+ecx]2_2_0041AC70
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov word ptr [eax], cx2_2_00433400
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], B7070F87h2_2_004124CB
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then push eax2_2_00445CD0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]2_2_0042DCF2
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [ebp+eax-66954A54h]2_2_0042FC8D
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [ebp+eax-66954A54h]2_2_0042FC8D
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov dword ptr [esi+08h], ecx2_2_0041C4B2
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then cmp word ptr [edi+eax+02h], 0000h2_2_00429D30
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov word ptr [ebp+00h], cx2_2_00429D30
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov byte ptr [ecx], al2_2_004375F5
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then cmp dword ptr [edx+ebx*8], 744E5843h2_2_00448D90
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then jmp ecx2_2_00412D99
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx esi, byte ptr [esp+edx-2196A97Ah]2_2_0040C630
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+08h]2_2_0040C630
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov byte ptr [eax], cl2_2_0040C630
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax]2_2_0044E6C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx eax, ax2_2_0040BED0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then cmp word ptr [eax+ecx+02h], 0000h2_2_004206D3
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [ebp+eax-66954AA0h]2_2_004336E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax+6E8E4488h]2_2_00428680
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov word ptr [eax], dx2_2_00428680
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax-63AEBA9Ch]2_2_0041D6BE
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax-63AEBA9Ch]2_2_0041D6BE
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax-63AEBA9Ch]2_2_0041D6BE
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax-63AEBA9Ch]2_2_0041D6BE
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then push eax2_2_00432742
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then jmp ecx2_2_00412F58
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov edx, ecx2_2_00423F60
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax-63AEBA9Ch]2_2_0041CF02
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx ebx, byte ptr [edx]2_2_00441F00
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]2_2_00434720
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then mov edx, ecx2_2_004237C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+7ED98958h]2_2_0042D790
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]2_2_004027A0
                Source: global trafficHTTP traffic detected: GET /asdawfq HTTP/1.1Connection: Keep-AliveHost: t.me
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: Joe Sandbox ViewIP Address: 104.21.112.1 104.21.112.1
                Source: Joe Sandbox ViewIP Address: 104.21.112.1 104.21.112.1
                Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49710 -> 149.154.167.99:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49711 -> 172.67.205.192:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49724 -> 104.21.64.1:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49745 -> 23.197.127.21:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49744 -> 188.114.96.3:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49727 -> 188.114.97.3:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49719 -> 188.114.97.3:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49737 -> 104.21.112.1:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49743 -> 23.197.127.21:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49753 -> 23.197.127.21:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49749 -> 23.197.127.21:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49747 -> 23.197.127.21:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49746 -> 188.114.96.3:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49730 -> 188.114.97.3:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49754 -> 188.114.96.3:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49716 -> 172.67.205.192:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49750 -> 188.114.96.3:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49756 -> 188.114.96.3:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49752 -> 188.114.96.3:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49740 -> 104.21.112.1:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49755 -> 23.192.247.89:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49733 -> 104.21.80.1:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49751 -> 23.197.127.21:443
                Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49748 -> 188.114.96.3:443
                Source: global trafficHTTP traffic detected: POST /aRIsjI HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 65Host: areawannte.bet
                Source: global trafficHTTP traffic detected: POST /aRIsjI HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=vI5WlF4cP8g5sUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 14912Host: areawannte.bet
                Source: global trafficHTTP traffic detected: POST /aRIsjI HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=1HX2NovEODNy4XUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15066Host: areawannte.bet
                Source: global trafficHTTP traffic detected: POST /aRIsjI HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=Eh77gmM42M5mhUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20550Host: areawannte.bet
                Source: global trafficHTTP traffic detected: POST /aRIsjI HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=F5P0Gdv2o4FOgVYvD3wUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 2658Host: areawannte.bet
                Source: global trafficHTTP traffic detected: POST /aRIsjI HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=ldI9wjWM0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 571908Host: areawannte.bet
                Source: global trafficHTTP traffic detected: POST /aRIsjI HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 103Host: areawannte.bet
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /asdawfq HTTP/1.1Connection: Keep-AliveHost: t.me
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
                Source: EasyWay.exe, 00000002.00000003.2140006021.000000000146E000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139928687.000000000146E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowe equals www.youtube.com (Youtube)
                Source: EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: EasyWay.exe, 00000002.00000003.2211263215.000000000148F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7Ce6ae402fcc5ba873ae1c25a90f9e6af3; path=/; secure; HttpOnly; SameSite=Nonesessionid=339c1351618778c4c8c284b5; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35725Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 09 Mar 2025 14:34:41 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Controlq equals www.youtube.com (Youtube)
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7Ce6ae402fcc5ba873ae1c25a90f9e6af3; path=/; secure; HttpOnly; SameSite=Nonesessionid=3485a03b47f472a9a8e61c96; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35725Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 09 Mar 2025 14:34:34 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
                Source: EasyWay.exe, 00000002.00000003.2437118508.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7Ce6ae402fcc5ba873ae1c25a90f9e6af3; path=/; secure; HttpOnly; SameSite=Nonesessionid=502368dd9202727faf80563c; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35725Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 09 Mar 2025 14:35:03 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
                Source: EasyWay.exe, 00000002.00000003.2595945495.0000000001476000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7Ce6ae402fcc5ba873ae1c25a90f9e6af3; path=/; secure; HttpOnly; SameSite=Nonesessionid=cde167da8b780190946932d8; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35725Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 09 Mar 2025 14:35:19 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control2 equals www.youtube.com (Youtube)
                Source: EasyWay.exe, 00000002.00000002.3164103304.0000000003B91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: red.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: EasyWay.exe, 00000002.00000003.2280655634.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
                Source: EasyWay.exe, 00000002.00000003.2242222927.000000000148F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: teampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal. equals www.youtube.com (Youtube)
                Source: global trafficDNS traffic detected: DNS query: t.me
                Source: global trafficDNS traffic detected: DNS query: astralconnec.icu
                Source: global trafficDNS traffic detected: DNS query: begindecafer.world
                Source: global trafficDNS traffic detected: DNS query: garagedrootz.top
                Source: global trafficDNS traffic detected: DNS query: modelshiverd.icu
                Source: global trafficDNS traffic detected: DNS query: arisechairedd.shop
                Source: global trafficDNS traffic detected: DNS query: catterjur.run
                Source: global trafficDNS traffic detected: DNS query: orangemyther.live
                Source: global trafficDNS traffic detected: DNS query: fostinjec.today
                Source: global trafficDNS traffic detected: DNS query: sterpickced.digital
                Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
                Source: global trafficDNS traffic detected: DNS query: areawannte.bet
                Source: unknownHTTP traffic detected: POST /aRIsjI HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 65Host: areawannte.bet
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
                Source: EasyWay.exe, 00000002.00000003.2318994577.0000000003BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                Source: EasyWay.exe, 00000002.00000003.2318994577.0000000003BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                Source: EasyWay.exe, 00000002.00000003.2318994577.0000000003BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                Source: EasyWay.exe, 00000002.00000003.2318994577.0000000003BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                Source: EasyWay.exe, 00000002.00000003.2318994577.0000000003BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                Source: EasyWay.exe, 00000002.00000003.2318994577.0000000003BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                Source: EasyWay.exe, 00000002.00000003.2318994577.0000000003BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                Source: EasyWay.exe, 00000002.00000003.2318994577.0000000003BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                Source: EasyWay.exe, 00000002.00000003.2318994577.0000000003BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                Source: EasyWay.exe, 00000002.00000003.2172211143.0000000001489000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388294137.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211220870.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280700438.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139981226.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596110310.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                Source: EasyWay.exe, 00000002.00000003.2172211143.0000000001489000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388294137.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211220870.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280700438.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139981226.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596110310.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                Source: EasyWay.exe, 00000002.00000003.2172211143.0000000001489000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388294137.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211220870.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280700438.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139981226.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596110310.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
                Source: EasyWay.exe, 00000002.00000003.2318994577.0000000003BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                Source: EasyWay.exe, 00000002.00000003.2318994577.0000000003BB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                Source: EasyWay.exe, 00000002.00000003.2173754325.0000000003B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org?q=
                Source: EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
                Source: EasyWay.exe, 00000002.00000003.2475830131.0000000001478000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/
                Source: EasyWay.exe, 00000002.00000003.2388328254.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242239956.000000000145F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/(
                Source: EasyWay.exe, 00000002.00000003.2467783151.0000000001476000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2468954492.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2532823842.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163776377.0000000001476000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001476000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2475830131.0000000001478000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/5
                Source: EasyWay.exe, 00000002.00000003.2172281593.0000000001407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/Q
                Source: EasyWay.exe, 00000002.00000003.2532823842.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163776377.0000000001476000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001476000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/V
                Source: EasyWay.exe, 00000002.00000003.2172281593.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003BA3000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2318716750.0000000003BA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/aRIsjI
                Source: EasyWay.exe, 00000002.00000003.2387703208.0000000003BA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/aRIsjI2u
                Source: EasyWay.exe, 00000002.00000003.2437244670.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2318339314.0000000003B88000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2468094641.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2320649734.0000000003B87000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387900075.0000000003B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/aRIsjIAA==dzN;
                Source: EasyWay.exe, 00000002.00000003.2318193528.0000000003B99000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2320603194.0000000003BA2000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2319097741.0000000003BA2000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2318716750.0000000003BA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/aRIsjIP
                Source: EasyWay.exe, 00000002.00000002.3164103304.0000000003BA3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/aRIsjIg
                Source: EasyWay.exe, 00000002.00000002.3163776377.0000000001476000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/aRIsjIy
                Source: EasyWay.exe, 00000002.00000003.2242239956.000000000145F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/i
                Source: EasyWay.exe, 00000002.00000003.2532823842.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163776377.0000000001476000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001476000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet/m
                Source: EasyWay.exe, 00000002.00000003.2388229630.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242222927.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387864509.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2467738437.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet:443/aRIsjI
                Source: EasyWay.exe, 00000002.00000003.2318500219.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2319117549.0000000001490000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388328254.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2318388888.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet:443/aRIsjIfiles/76561199822375128
                Source: EasyWay.exe, 00000002.00000003.2467738437.0000000003BDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://areawannte.bet:443/aRIsjIhv.default-release/key4.dbPK
                Source: EasyWay.exe, 00000002.00000003.2172281593.0000000001407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://astralconnec.icu/DPowko
                Source: EasyWay.exe, 00000002.00000003.2172281593.0000000001407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://astralconnec.icu/DPowkoD
                Source: EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2532922865.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387900075.0000000003B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                Source: EasyWay.exe, 00000002.00000003.2320649734.0000000003B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                Source: EasyWay.exe, 00000002.00000003.2172281593.0000000001407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://catterjur.run/boSnzhu
                Source: EasyWay.exe, 00000002.00000003.2173754325.0000000003B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
                Source: EasyWay.exe, 00000002.00000003.2173754325.0000000003B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: EasyWay.exe, 00000002.00000003.2173754325.0000000003B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fa
                Source: EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.stea
                Source: EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
                Source: EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388294137.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211220870.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280700438.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387864509.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139981226.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Gzg8NS4HKwGo&a
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280685347.0000000003B87000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3164332487.0000000003C3F000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=GlKQ1cghJWE2&l=english&_c
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3164332487.0000000003C3F000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3164332487.0000000003C3F000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280685347.0000000003B87000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3164332487.0000000003C3F000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280685347.0000000003B87000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3164332487.0000000003C3F000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
                Source: EasyWay.exe, 00000002.00000003.2388229630.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280685347.0000000003B87000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B92000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211220870.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387864509.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2467738437.0000000003BDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
                Source: EasyWay.exe, 00000002.00000003.2172211143.0000000001489000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388294137.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211220870.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280700438.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139981226.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596110310.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
                Source: EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280685347.0000000003B87000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211220870.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387864509.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139981226.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596110310.0000000001461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
                Source: EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280685347.0000000003B87000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211220870.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387864509.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139981226.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596110310.0000000001461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=1VeaVEsE
                Source: EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280685347.0000000003B87000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211220870.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387864509.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139981226.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596110310.0000000001461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=Bdoh
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=cMt-H-zOgNUp&l=english&am
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
                Source: EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3164332487.0000000003C3F000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
                Source: EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3164332487.0000000003C3F000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
                Source: EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=LrC2xWhJTNZp&l=e
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280685347.0000000003B87000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3164332487.0000000003C3F000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
                Source: EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280685347.0000000003B87000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3164332487.0000000003C3F000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3164332487.0000000003C3F000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163745302.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&am
                Source: EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                Source: EasyWay.exe, 00000002.00000003.2596380157.0000000003BCB000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596380157.0000000003BCF000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388229630.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                Source: EasyWay.exe, 00000002.00000003.2320649734.0000000003B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
                Source: EasyWay.exe, 00000002.00000003.2173754325.0000000003B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: EasyWay.exe, 00000002.00000003.2173754325.0000000003B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabv209h
                Source: EasyWay.exe, 00000002.00000003.2173754325.0000000003B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: EasyWay.exe, 00000002.00000003.2173754325.0000000003B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
                Source: EasyWay.exe, 00000002.00000003.2140006021.000000000146E000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139928687.000000000146E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowe
                Source: EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                Source: EasyWay.exe, 00000002.00000003.2320649734.0000000003B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
                Source: EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                Source: EasyWay.exe, 00000002.00000003.2172281593.0000000001407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://orangemyther.live/IozZ
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                Source: EasyWay.exe, 00000002.00000003.2242222927.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2243881484.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recap
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                Source: EasyWay.exe, 00000002.00000003.2280734084.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                Source: EasyWay.exe, 00000002.00000003.2280685347.0000000003B87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/42MAAA==dzN;
                Source: EasyWay.exe, 00000002.00000003.2318500219.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2319117549.0000000001490000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280888524.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596192763.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2318388888.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211263215.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280734084.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/:
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                Source: EasyWay.exe, 00000002.00000003.2280888524.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2467783151.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280734084.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/B9zVuN8Koi/ky4KkrVkbq0Is
                Source: EasyWay.exe, 00000002.00000003.2475317821.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2468954492.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/B9zVuN8Koi/ky4KkrVkbq0Is;
                Source: EasyWay.exe, 00000002.00000003.2388328254.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/B9zVuN8Koi/ky4KkrVkbq0Isu
                Source: EasyWay.exe, 00000002.00000003.2532823842.0000000001490000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163776377.0000000001476000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596192763.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2475317821.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2467783151.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2468954492.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/cd
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                Source: EasyWay.exe, 00000002.00000003.2475317821.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2467783151.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2468954492.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/j
                Source: EasyWay.exe, 00000002.00000002.3163776377.0000000001476000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596192763.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/jm
                Source: EasyWay.exe, 00000002.00000003.2172211143.0000000001489000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388294137.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211220870.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280700438.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139981226.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596110310.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                Source: EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163745302.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                Source: EasyWay.exe, 00000002.00000003.2244122202.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242222927.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2244285354.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280888524.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163776377.0000000001476000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596192763.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2475317821.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2467783151.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2468954492.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211263215.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163592074.00000000013E4000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2172281593.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280734084.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128
                Source: EasyWay.exe, 00000002.00000003.2388229630.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280685347.0000000003B87000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B92000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211220870.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387864509.0000000003BD8000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2467738437.0000000003BDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/badges
                Source: EasyWay.exe, 00000002.00000003.2211263215.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/invent
                Source: EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388294137.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280700438.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139981226.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596110310.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2532922865.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2318356653.0000000003B86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/inventory/
                Source: EasyWay.exe, 00000002.00000003.2244122202.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2244285354.000000000148F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/7656119982237512825B9zVuN8Koi/ky4KkrVkbq0Is
                Source: EasyWay.exe, 00000002.00000003.2242222927.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211263215.000000000148F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/7656119982237512825B9zVuN8Koi/ky4KkrVkbq0Is;
                Source: EasyWay.exe, 00000002.00000003.2172281593.0000000001407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128B
                Source: EasyWay.exe, 00000002.00000003.2280888524.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280734084.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128I
                Source: EasyWay.exe, 00000002.00000002.3163776377.0000000001476000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596192763.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128b
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                Source: EasyWay.exe, 00000002.00000002.3163776377.0000000001476000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596192763.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/z
                Source: EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280734084.0000000001487000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199822375128
                Source: EasyWay.exe, 00000002.00000003.2467738437.0000000003BDC000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199822375128/5
                Source: EasyWay.exe, 00000002.00000003.2242222927.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211263215.000000000148F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199822375128M
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamloopback.host
                Source: EasyWay.exe, 00000002.00000003.2172281593.0000000001407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sterpickced.digital/
                Source: EasyWay.exe, 00000002.00000003.2318388888.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388328254.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2244122202.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2172374399.0000000001463000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280734084.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2319117549.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242239956.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139981226.0000000001461000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sterpickced.digital/plSOz9F
                Source: EasyWay.exe, 00000002.00000003.2243881484.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com
                Source: EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                Source: EasyWay.exe, 00000002.00000003.2211263215.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                Source: EasyWay.exe, 00000002.00000003.2280734084.0000000001404000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001476000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211263215.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCou
                Source: EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163745302.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                Source: EasyWay.exe, 00000002.00000003.2172211143.0000000001489000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.000000000146F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388294137.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595945495.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B89000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001471000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280625387.000000000149C000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437118508.0000000001473000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211220870.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437184849.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.000000000145F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280700438.0000000003B86000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139981226.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596110310.0000000001461000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163745302.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163745302.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163745302.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595842450.0000000001467000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596014578.000000000146B000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2387703208.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                Source: EasyWay.exe, 00000002.00000003.2320132641.0000000003DA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                Source: EasyWay.exe, 00000002.00000003.2320132641.0000000003DA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                Source: EasyWay.exe, 00000002.00000003.1343439530.000000000141D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                Source: EasyWay.exe, 00000002.00000002.3163592074.00000000013B8000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.1343426452.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/asdawfq
                Source: EasyWay.exe, 00000002.00000003.1343439530.0000000001407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                Source: EasyWay.exe, 00000002.00000003.1343439530.0000000001407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.orgPersistent-AuthWWW-AuthenticateVarystel_ssid=5db4d8b1aa1b5fa55a_518096108019
                Source: EasyWay.exe, 00000002.00000003.1343439530.0000000001407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.orgX-Frame-OptionsALLOW-FROM
                Source: EasyWay.exe, 00000002.00000003.2173754325.0000000003B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                Source: EasyWay.exe, 00000002.00000003.2173754325.0000000003B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
                Source: EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                Source: EasyWay.exe, 00000002.00000003.2320132641.0000000003DA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                Source: EasyWay.exe, 00000002.00000003.2320132641.0000000003DA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                Source: EasyWay.exe, 00000002.00000003.2320132641.0000000003DA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                Source: EasyWay.exe, 00000002.00000003.2320132641.0000000003DA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                Source: EasyWay.exe, 00000002.00000003.2320132641.0000000003DA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                Source: EasyWay.exe, 00000002.00000003.2320132641.0000000003DA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                Source: EasyWay.exe, 00000002.00000003.2437054119.0000000001497000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211189984.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280589042.0000000003B8A000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242006834.0000000003B90000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2140006021.0000000001480000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595651010.0000000003D81000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2437096098.0000000003BD5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595827565.0000000003C40000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280534106.0000000003BA5000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2532742685.000000000149F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2139858898.0000000001477000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2595707609.0000000003BD5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                Source: EasyWay.exe, 00000002.00000003.2139928687.0000000001469000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2211280843.0000000001497000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
                Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
                Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
                Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49710 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.5:49743 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49744 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.5:49745 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49746 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.5:49747 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49748 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.5:49749 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49750 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.5:49751 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49752 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.5:49753 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49754 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 23.192.247.89:443 -> 192.168.2.5:49755 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49756 version: TLS 1.2
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043FF00 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,2_2_0043FF00
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_01351000 EntryPoint,GetClipboardSequenceNumber,Sleep,Sleep,OpenClipboard,GetClipboardData,GlobalLock,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,GlobalUnlock,CloseClipboard,GetClipboardSequenceNumber,2_2_01351000
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043FF00 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,2_2_0043FF00
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00440324 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,2_2_00440324
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00523A100_2_00523A10
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054CBB00_2_0054CBB0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054D4700_2_0054D470
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052B8500_2_0052B850
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005378400_2_00537840
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005410700_2_00541070
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0056D07A0_2_0056D07A
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055E8600_2_0055E860
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005210000_2_00521000
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055A0000_2_0055A000
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052A8300_2_0052A830
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0053F8200_2_0053F820
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005358D00_2_005358D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054C8D00_2_0054C8D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054A0C00_2_0054A0C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005650C00_2_005650C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0053A8900_2_0053A890
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054F8900_2_0054F890
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005270B00_2_005270B0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005500B00_2_005500B0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005610B00_2_005610B0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005298A00_2_005298A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052C0A00_2_0052C0A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005278A00_2_005278A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0053F0A00_2_0053F0A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054C1500_2_0054C150
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005441500_2_00544150
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052A1600_2_0052A160
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005331000_2_00533100
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005579300_2_00557930
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054D1D00_2_0054D1D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005549E00_2_005549E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005259900_2_00525990
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005409800_2_00540980
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005461800_2_00546180
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052E9B00_2_0052E9B0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005361A00_2_005361A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005499A00_2_005499A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052B2400_2_0052B240
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005292700_2_00529270
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005432600_2_00543260
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005342100_2_00534210
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005352100_2_00535210
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054E2200_2_0054E220
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00565AC00_2_00565AC0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00535AE00_2_00535AE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005312E00_2_005312E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054F2E00_2_0054F2E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00527A800_2_00527A80
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052F2800_2_0052F280
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00538A800_2_00538A80
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00534AB00_2_00534AB0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052D2A00_2_0052D2A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00528B500_2_00528B50
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055FB500_2_0055FB50
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005593500_2_00559350
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005383400_2_00538340
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00558B400_2_00558B40
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005803420_2_00580342
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00545B600_2_00545B60
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005653100_2_00565310
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005563000_2_00556300
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005263200_2_00526320
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00526B200_2_00526B20
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005283200_2_00528320
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0053E3200_2_0053E320
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0053F3C00_2_0053F3C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0053B3F00_2_0053B3F0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005623E00_2_005623E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005533800_2_00553380
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005554700_2_00555470
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00542C600_2_00542C60
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00557C100_2_00557C10
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054141E0_2_0054141E
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055D4D00_2_0055D4D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052FCC00_2_0052FCC0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00544CC00_2_00544CC0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0057E4C80_2_0057E4C8
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055BCF00_2_0055BCF0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00540CE00_2_00540CE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00541CE00_2_00541CE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00558CE00_2_00558CE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005334900_2_00533490
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055A4900_2_0055A490
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00533CA00_2_00533CA0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005384A00_2_005384A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055F5500_2_0055F550
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052B5400_2_0052B540
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052CD700_2_0052CD70
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054E5100_2_0054E510
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0053A5200_2_0053A520
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005355D00_2_005355D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00553DD00_2_00553DD0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054A5C00_2_0054A5C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005595C00_2_005595C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00559DC00_2_00559DC0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005605F00_2_005605F0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00543DE00_2_00543DE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005235800_2_00523580
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005395800_2_00539580
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0053BD800_2_0053BD80
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005645800_2_00564580
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005295B00_2_005295B0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055EDA00_2_0055EDA0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005286100_2_00528610
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005266000_2_00526600
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00565E000_2_00565E00
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055AE300_2_0055AE30
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005386200_2_00538620
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055FE200_2_0055FE20
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005326F00_2_005326F0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055D6E00_2_0055D6E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0054EE900_2_0054EE90
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005426900_2_00542690
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005656900_2_00565690
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005686BA0_2_005686BA
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00535EA00_2_00535EA0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005437400_2_00543740
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00525F700_2_00525F70
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055B7700_2_0055B770
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055A7600_2_0055A760
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00558F100_2_00558F10
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005257000_2_00525700
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00551F000_2_00551F00
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00527F300_2_00527F30
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00538F200_2_00538F20
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00544FF00_2_00544FF0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052F7E00_2_0052F7E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00572FE00_2_00572FE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0053CF900_2_0053CF90
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052DF800_2_0052DF80
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0052C7800_2_0052C780
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041F8532_2_0041F853
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0044B07D2_2_0044B07D
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004488102_2_00448810
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0040E8C02_2_0040E8C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0044D1602_2_0044D160
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041EB152_2_0041EB15
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004293C02_2_004293C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0040DC222_2_0040DC22
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00437C3B2_2_00437C3B
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0044DCE02_2_0044DCE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00415CEE2_2_00415CEE
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00444C802_2_00444C80
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004305602_2_00430560
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00410D6E2_2_00410D6E
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004385102_2_00438510
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041AD302_2_0041AD30
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004216702_2_00421670
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004177002_2_00417700
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004010402_2_00401040
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004380552_2_00438055
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043806B2_2_0043806B
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0042F8102_2_0042F810
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004338102_2_00433810
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004270202_2_00427020
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0044C8202_2_0044C820
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043D0D02_2_0043D0D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0040D8E02_2_0040D8E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004468A02_2_004468A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043B0B62_2_0043B0B6
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0044D9402_2_0044D940
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004441402_2_00444140
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041B9492_2_0041B949
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0042114F2_2_0042114F
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043215F2_2_0043215F
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043E1022_2_0043E102
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004141062_2_00414106
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043F9202_2_0043F920
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004491302_2_00449130
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004379C12_2_004379C1
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041EB152_2_0041EB15
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004309D02_2_004309D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004249802_2_00424980
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004361A02_2_004361A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043DA4B2_2_0043DA4B
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041CA5F2_2_0041CA5F
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00408A702_2_00408A70
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00402AD02_2_00402AD0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0040A2F02_2_0040A2F0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00432A852_2_00432A85
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0042D2882_2_0042D288
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0042DAB02_2_0042DAB0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041FAB72_2_0041FAB7
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00416B422_2_00416B42
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0042A3702_2_0042A370
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043A3742_2_0043A374
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0040F31E2_2_0040F31E
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004338102_2_00433810
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004253D02_2_004253D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004113D62_2_004113D6
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004203F92_2_004203F9
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004443A02_2_004443A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00430BB92_2_00430BB9
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0042DC402_2_0042DC40
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043FC402_2_0043FC40
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0040D4502_2_0040D450
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004434742_2_00443474
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043C4D22_2_0043C4D2
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00445CD02_2_00445CD0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0042DCF22_2_0042DCF2
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0042FC8D2_2_0042FC8D
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041C4B22_2_0041C4B2
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00424D402_2_00424D40
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00420D602_2_00420D60
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00407D702_2_00407D70
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004035102_2_00403510
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004095102_2_00409510
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0040CD202_2_0040CD20
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004465202_2_00446520
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0044C5282_2_0044C528
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00429D302_2_00429D30
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0040FDC02_2_0040FDC0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004235F02_2_004235F0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00442E482_2_00442E48
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0044CE502_2_0044CE50
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0044D6102_2_0044D610
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0040C6302_2_0040C630
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041CECE2_2_0041CECE
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0040BED02_2_0040BED0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0040B6802_2_0040B680
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0042B6832_2_0042B683
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004286802_2_00428680
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0043BE942_2_0043BE94
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00403EB02_2_00403EB0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041D6BE2_2_0041D6BE
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004327422_2_00432742
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004257402_2_00425740
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00423F602_2_00423F60
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041CF022_2_0041CF02
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0040F7282_2_0040F728
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0041E7362_2_0041E736
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004397C72_2_004397C7
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00432FCD2_2_00432FCD
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00410FF02_2_00410FF0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004317FA2_2_004317FA
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004427852_2_00442785
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0044C7802_2_0044C780
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00408F902_2_00408F90
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004047922_2_00404792
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0042D7902_2_0042D790
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052B8502_2_0052B850
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005378402_2_00537840
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005410702_2_00541070
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0056D07A2_2_0056D07A
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055E8602_2_0055E860
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005210002_2_00521000
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055A0002_2_0055A000
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052A8302_2_0052A830
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0053F8202_2_0053F820
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005358D02_2_005358D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0054C8D02_2_0054C8D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0054A0C02_2_0054A0C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005650C02_2_005650C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0053A8902_2_0053A890
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0054F8902_2_0054F890
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005270B02_2_005270B0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005500B02_2_005500B0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005610B02_2_005610B0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005278A02_2_005278A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052C0A02_2_0052C0A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005298A02_2_005298A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0053F0A02_2_0053F0A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005441502_2_00544150
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0054C1502_2_0054C150
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052A1602_2_0052A160
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005331002_2_00533100
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005579302_2_00557930
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0054D1D02_2_0054D1D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005549E02_2_005549E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005259902_2_00525990
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005409802_2_00540980
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005461802_2_00546180
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052E9B02_2_0052E9B0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005361A02_2_005361A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005499A02_2_005499A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052B2402_2_0052B240
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005292702_2_00529270
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005432602_2_00543260
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00523A102_2_00523A10
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005352102_2_00535210
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005342102_2_00534210
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0054E2202_2_0054E220
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00565AC02_2_00565AC0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00535AE02_2_00535AE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005312E02_2_005312E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0054F2E02_2_0054F2E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00527A802_2_00527A80
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052F2802_2_0052F280
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00538A802_2_00538A80
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00534AB02_2_00534AB0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052D2A02_2_0052D2A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00528B502_2_00528B50
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055FB502_2_0055FB50
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005593502_2_00559350
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005383402_2_00538340
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00558B402_2_00558B40
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005803422_2_00580342
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00545B602_2_00545B60
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005653102_2_00565310
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005563002_2_00556300
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005263202_2_00526320
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00526B202_2_00526B20
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005283202_2_00528320
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0053E3202_2_0053E320
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0053F3C02_2_0053F3C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0053B3F02_2_0053B3F0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005413E02_2_005413E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005623E02_2_005623E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005533802_2_00553380
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0054CBB02_2_0054CBB0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0054D4702_2_0054D470
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005554702_2_00555470
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00542C602_2_00542C60
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00557C102_2_00557C10
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055D4D02_2_0055D4D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052FCC02_2_0052FCC0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00544CC02_2_00544CC0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0057E4C82_2_0057E4C8
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055BCF02_2_0055BCF0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00540CE02_2_00540CE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00541CE02_2_00541CE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00558CE02_2_00558CE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005334902_2_00533490
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055A4902_2_0055A490
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00533CA02_2_00533CA0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005384A02_2_005384A0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055F5502_2_0055F550
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052B5402_2_0052B540
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052CD702_2_0052CD70
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0054E5102_2_0054E510
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0053A5202_2_0053A520
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005355D02_2_005355D0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00553DD02_2_00553DD0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0054A5C02_2_0054A5C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00559DC02_2_00559DC0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005595C02_2_005595C0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005605F02_2_005605F0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00543DE02_2_00543DE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005235802_2_00523580
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0053BD802_2_0053BD80
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005395802_2_00539580
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005645802_2_00564580
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005295B02_2_005295B0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055EDA02_2_0055EDA0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005286102_2_00528610
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005266002_2_00526600
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00565E002_2_00565E00
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055AE302_2_0055AE30
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005386202_2_00538620
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055FE202_2_0055FE20
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005326F02_2_005326F0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055D6E02_2_0055D6E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005426902_2_00542690
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0054EE902_2_0054EE90
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005656902_2_00565690
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005686BA2_2_005686BA
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00535EA02_2_00535EA0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005437402_2_00543740
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00525F702_2_00525F70
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055B7702_2_0055B770
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055A7602_2_0055A760
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00558F102_2_00558F10
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_005257002_2_00525700
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00551F002_2_00551F00
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00527F302_2_00527F30
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00538F202_2_00538F20
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00544FF02_2_00544FF0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052F7E02_2_0052F7E0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00572FE02_2_00572FE0
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0053CF902_2_0053CF90
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052DF802_2_0052DF80
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0052C7802_2_0052C780
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: String function: 00568BC0 appears 102 times
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: String function: 00570E2C appears 46 times
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: String function: 0041AD20 appears 89 times
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: String function: 00575BD4 appears 34 times
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: String function: 0040B2E0 appears 60 times
                Source: EasyWay.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: EasyWay.exeStatic PE information: Section: .bss ZLIB complexity 1.000333325987306
                Source: EasyWay.exeStatic PE information: Section: .bss ZLIB complexity 1.000333325987306
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/0@16/9
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00444C80 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,2_2_00444C80
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8632:120:WilError_03
                Source: EasyWay.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\EasyWay.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: EasyWay.exe, 00000002.00000003.2243198255.0000000003B93000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2242858730.0000000003BAA000.00000004.00000800.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2173722507.000000000149D000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2173450835.0000000003BDC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: EasyWay.exeVirustotal: Detection: 34%
                Source: EasyWay.exeReversingLabs: Detection: 39%
                Source: C:\Users\user\Desktop\EasyWay.exeFile read: C:\Users\user\Desktop\EasyWay.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\EasyWay.exe "C:\Users\user\Desktop\EasyWay.exe"
                Source: C:\Users\user\Desktop\EasyWay.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\EasyWay.exeProcess created: C:\Users\user\Desktop\EasyWay.exe "C:\Users\user\Desktop\EasyWay.exe"
                Source: C:\Users\user\Desktop\EasyWay.exeProcess created: C:\Users\user\Desktop\EasyWay.exe "C:\Users\user\Desktop\EasyWay.exe"Jump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: webio.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: schannel.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: mskeyprotect.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: ncryptsslp.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: EasyWay.exeStatic file information: File size 1219072 > 1048576
                Source: EasyWay.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055CA05 pushfd ; ret 0_2_0055CA09
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0055CC5D push 89D0F735h; ret 0_2_0055CC65
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00568D7A push ecx; ret 0_2_00568D8D
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00455447 push eax; retf 2_2_00455448
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00453C38 push ebx; ret 2_2_00453C45
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_004554FD push edx; ret 2_2_0045552F
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055CA05 pushfd ; ret 2_2_0055CA09
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0055CC5D push 89D0F735h; ret 2_2_0055CC65
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00568D7A push ecx; ret 2_2_00568D8D
                Source: EasyWay.exeStatic PE information: section name: .text entropy: 7.087634248192435
                Source: C:\Users\user\Desktop\EasyWay.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                Source: C:\Users\user\Desktop\EasyWay.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                Query firmware table information (likely to detect VMs)
                Source: C:\Users\user\Desktop\EasyWay.exeSystem information queried: FirmwareTableInformationJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeWindow / User API: threadDelayed 3074Jump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exe TID: 8700Thread sleep time: -90000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exe TID: 3200Thread sleep count: 3074 > 30Jump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Users\user\Desktop\EasyWay.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\EasyWay.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0057AA8E FindFirstFileExW,0_2_0057AA8E
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_0057AB3F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_0057AB3F
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0057AA8E FindFirstFileExW,2_2_0057AA8E
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0057AB3F FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_0057AB3F
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BDD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696428655p
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: EasyWay.exe, 00000002.00000003.2242239956.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596124351.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280734084.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163592074.00000000013CD000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2319117549.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2467850577.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388328254.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2244122202.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2475363979.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2318388888.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163592074.0000000001407000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: EasyWay.exe, 00000002.00000003.2242239956.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596124351.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2280734084.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2319117549.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2467850577.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2388328254.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2244122202.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2475363979.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2318388888.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000002.3163592074.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2469024944.0000000001407000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWJ
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: EasyWay.exe, 00000002.00000003.2243337618.0000000003BD8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\Desktop\EasyWay.exeAPI call chain: ExitProcess graph end node
                Source: C:\Users\user\Desktop\EasyWay.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_0044A860 LdrInitializeThunk,2_2_0044A860
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00568A4E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00568A4E
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005911B4 mov edi, dword ptr fs:[00000030h]0_2_005911B4
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005764CC GetProcessHeap,0_2_005764CC
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00568A42 SetUnhandledExceptionFilter,0_2_00568A42
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00568A4E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00568A4E
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00570B7E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00570B7E
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00568692 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00568692
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00568A42 SetUnhandledExceptionFilter,2_2_00568A42
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00568A4E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00568A4E
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00570B7E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00570B7E
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 2_2_00568692 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00568692

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Contains functionality to inject code into remote processes
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_005911B4 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_005911B4
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\EasyWay.exeMemory written: C:\Users\user\Desktop\EasyWay.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeProcess created: C:\Users\user\Desktop\EasyWay.exe "C:\Users\user\Desktop\EasyWay.exe"Jump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: EnumSystemLocalesW,0_2_0057A049
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_0057A0E4
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetLocaleInfoW,0_2_005758BC
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: EnumSystemLocalesW,0_2_0057A337
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetLocaleInfoW,0_2_0057A396
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: EnumSystemLocalesW,0_2_0057A46B
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetLocaleInfoW,0_2_0057A4B6
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0057A55D
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00579DF8
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: EnumSystemLocalesW,0_2_00575DB7
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetLocaleInfoW,0_2_0057A663
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: EnumSystemLocalesW,2_2_0057A049
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_0057A0E4
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetLocaleInfoW,2_2_005758BC
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: EnumSystemLocalesW,2_2_0057A337
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetLocaleInfoW,2_2_0057A396
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: EnumSystemLocalesW,2_2_0057A46B
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetLocaleInfoW,2_2_0057A4B6
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_0057A55D
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_00579DF8
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: EnumSystemLocalesW,2_2_00575DB7
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: GetLocaleInfoW,2_2_0057A663
                Source: C:\Users\user\Desktop\EasyWay.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeCode function: 0_2_00569487 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00569487
                Source: C:\Users\user\Desktop\EasyWay.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: EasyWay.exe, 00000002.00000003.2469024944.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2475317821.000000000148F000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2468954492.0000000001487000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2475363979.0000000001407000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2596040246.00000000013FD000.00000004.00000020.00020000.00000000.sdmp, EasyWay.exe, 00000002.00000003.2469024944.0000000001407000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: C:\Users\user\Desktop\EasyWay.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                barindex
                Yara detected LummaC Stealer
                Source: Yara matchFile source: Process Memory Space: EasyWay.exe PID: 8676, type: MEMORYSTR
                Source: Yara matchFile source: 2.2.EasyWay.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.EasyWay.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.3163167776.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1310600652.0000000000C7A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Found many strings related to Crypto-Wallets (likely being stolen)
                Source: EasyWay.exe, 00000002.00000003.2318388888.000000000145F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: EasyWay.exe, 00000002.00000003.2318388888.000000000145F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\ElectronCash\wallets
                Source: EasyWay.exe, 00000002.00000003.2318388888.000000000145F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Jaxx Liberty
                Source: EasyWay.exe, 00000002.00000003.2318388888.000000000145F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ger-print.fp","simple-storage.json","window-state.json"],"z":"Wallets/Binanc
                Source: EasyWay.exe, 00000002.00000003.2318388888.000000000145F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: a%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d":0,"fs":2097152
                Source: EasyWay.exe, 00000002.00000003.2476022030.0000000001481000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3r
                Source: EasyWay.exe, 00000002.00000003.2318388888.000000000145F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: um","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":P
                Source: EasyWay.exe, 00000002.00000003.2318388888.000000000145F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: EasyWay.exe, 00000002.00000003.2318388888.000000000145F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: um","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":P
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.dbJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqliteJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.jsJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.jsonJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.dbJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
                Tries to harvest and steal ftp login credentials
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
                Tries to steal Crypto Currency Wallets
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOLJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOLJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\SUAVTZKNFLJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\SUAVTZKNFLJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\QCFWYSKMHAJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQLJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                Source: C:\Users\user\Desktop\EasyWay.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                Source: Yara matchFile source: 00000002.00000003.2391723882.000000000146F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000003.2244122202.000000000145F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000003.2318388888.000000000145F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000003.2280734084.000000000145F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000003.2319117549.000000000145F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000003.2388328254.0000000001467000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000003.2319117549.0000000001407000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000003.2467850577.0000000001407000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000003.2242239956.000000000145F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000003.2388328254.0000000001407000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000003.2318388888.0000000001407000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: EasyWay.exe PID: 8676, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected LummaC Stealer
                Source: Yara matchFile source: Process Memory Space: EasyWay.exe PID: 8676, type: MEMORYSTR
                Source: Yara matchFile source: 2.2.EasyWay.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 2.2.EasyWay.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000002.3163167776.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.1310600652.0000000000C7A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts12
                Windows Management Instrumentation                		1
                DLL Side-Loading                		211
                Process Injection                		21
                Virtualization/Sandbox Evasion                		2
                OS Credential Dumping                		1
                System Time Discovery                		Remote Services1
                Screen Capture                		21
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                DLL Side-Loading                		211
                Process Injection                		LSASS Memory241
                Security Software Discovery                		Remote Desktop Protocol1
                Archive Collected Data                		1
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
                Deobfuscate/Decode Files or Information                		Security Account Manager21
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares41
                Data from Local System                		3
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
                Obfuscated Files or Information                		NTDS1
                Process Discovery                		Distributed Component Object Model3
                Clipboard Data                		14
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                Software Packing                		LSA Secrets1
                Application Window Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                DLL Side-Loading                		Cached Domain Credentials11
                File and Directory Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync33
                System Information Discovery                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.