Windows Analysis Report
Howard.exe

Overview

General Information

Sample name: Howard.exe
Analysis ID: 1614812
MD5: 262dfb3c2333afb399b1a384fa65bdeb
SHA1: 4814f86089987b8bd083cf6212c3cb7d2ace58f6
SHA256: 80a2df6d67c251c6ae13dae5e9189500f9f22ed52928e6484082413ccf9e14db
Tags: de-pumped, exe, user-abuse_ch
Infos:

Detection

Vidar
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Yara detected Vidar stealer
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to simulate keystroke presses
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara signature match

Classification

  • System is w10x64
  • Howard.exe (PID: 7380 cmdline: "C:\Users\user\Desktop\Howard.exe" MD5: 262DFB3C2333AFB399B1A384FA65BDEB)
    • MSBuild.exe (PID: 7504 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup
{"C2 url": "https://steamcommunity.com/profiles/76561199824159981", "Botnet": "a110mgz"}
Source: 00000000.00000002.1901284007.0000000005E20000.00000004.08000000.00040000.00000000.sdmp, Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Author: Joe Security
Source: 00000000.00000002.1899854955.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Author: Joe Security
Source: 00000000.00000002.1884214848.0000000002416000.00000040.00000020.00020000.00000000.sdmp, Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Author: unknown, Strings:
  • 0x1172aa:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x11a840:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
Source: 00000000.00000002.1885193672.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Author: Joe Security
Source: 00000000.00000002.1899854955.0000000004009000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Author: Joe Security

Source: 0.2.Howard.exe.3f897a7.8.raw.unpack, Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Author: Joe Security
Source: 1.2.MSBuild.exe.700000.0.unpack, Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Author: Joe Security
Source: 1.2.MSBuild.exe.700000.0.unpack, Rule: infostealer_win_vidar_strings_nov23, Description: Finds Vidar samples based on the specific strings, Author: Sekoia.io, Strings:
  • 0x19f7f:$str01: MachineID:
  • 0x18f4f:$str02: Work Dir: In memory
  • 0x1a027:$str03: [Hardware]
  • 0x19f68:$str04: VideoCard:
  • 0x196c0:$str05: [Processes]
  • 0x196cc:$str06: [Software]
  • 0x18fe0:$str07: information.txt
  • 0x19cbc:$str08: %s\*
  • 0x19d09:$str08: %s\*
  • 0x191fd:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
  • 0x19592:$str12: UseMasterPassword
  • 0x1a033:$str13: Soft: WinSCP
  • 0x19a6b:$str14: <Pass encoding="base64">
  • 0x1a016:$str15: Soft: FileZilla
  • 0x18fd2:$str16: passwords.txt
  • 0x195bd:$str17: build_id
  • 0x19684:$str18: file_data
Source: 0.2.Howard.exe.5e20000.13.raw.unpack, Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Author: Joe Security
Source: 0.2.Howard.exe.5e20000.13.unpack, Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Author: Joe Security

                  System Summary

                  Source: Network Connection - Author: Kiran kumar s, oscd.community - Data: DestinationIp: 149.154.167.99, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 7504, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49731
                  Timestamp: 2025-02-14T06:31:23.386495+0100, SID: 2028765, Severity: 3, Classtype: Unknown Traffic, Source IP: 192.168.2.4, Source Port: 57269, Destination IP: 95.216.180.186, Destination Port: 443, Protocol: TCP
                  Timestamp: 2025-02-14T06:32:09.825347+0100, SID: 2028765, Severity: 3, Classtype: Unknown Traffic, Source IP: 192.168.2.4, Source Port: 49736, Destination IP: 95.216.180.186, Destination Port: 443, Protocol: TCP
                  Timestamp: 2025-02-14T06:32:45.777565+0100, SID: 2028765, Severity: 3, Classtype: Unknown Traffic, Source IP: 192.168.2.4, Source Port: 49753, Destination IP: 95.216.180.186, Destination Port: 443, Protocol: TCP

                  AV Detection

                  Source: https://opbafindi.com/E - Avira URL Cloud: Label: malware
                  Source: https://95.216.180.186/) - Avira URL Cloud: Label: malware
                  Source: https://95.216.180.186/0 - Avira URL Cloud: Label: malware
                  Source: https://95.216.180.186/4 - Avira URL Cloud: Label: malware
                  Source: https://opbafindi.com - Avira URL Cloud: Label: malware
                  Source: 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp - Malware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199824159981", "Botnet": "a110mgz"}
                  Source: Submitted Sample - Integrated Neural Analysis Model: Matched 100.0% probability
                  Source: C:\Users\user\Desktop\Howard.exe - Code function: 0_2_0042B040 CryptAcquireContextW,CryptDestroyHash,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDestroyHash,CryptDecrypt,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,0_2_0042B040
                  Source: C:\Users\user\Desktop\Howard.exe - Code function: 0_2_0042B140 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptGetHashParam,GetLastError,GetLastError,GetLastError,CryptDestroyHash,CryptReleaseContext,0_2_0042B140
                  Source: C:\Users\user\Desktop\Howard.exe - Code function: 0_2_0042ADE0 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,0_2_0042ADE0
                  Source: C:\Users\user\Desktop\Howard.exe - Code function: 0_2_0042AEC0 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDestroyHash,CryptEncrypt,CryptEncrypt,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,0_2_0042AEC0
                  Source: Howard.exe - Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                  Source: unknown - HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49731 version: TLS 1.2
                  Source: unknown - HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49733 version: TLS 1.2
                  Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram Desktop\\Steam\\config\\.azure\ 
Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2comctl32gdi32:225121Windows 11HTTP/1.1HARDWARE\DESCRIPTION\System\CentralProcessor\0abcdefgh
                  Source: Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdbA source: Howard.exe, 00000000.00000002.1885193672.0000000003247000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005072720.0000000000719000.00000002.00000400.00020000.00000000.sdmp
                  Source: Binary string: vdr1.pdb source: Howard.exe, 00000000.00000002.1885193672.0000000003247000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005072720.0000000000719000.00000002.00000400.00020000.00000000.sdmp
                  Source: Binary string: D:\a\_work\e\src\out\Release\WebView2Loader.dll.pdb source: Howard.exe
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Howard.exe, 00000000.00000002.1902660896.0000000006410000.00000004.08000000.00040000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Howard.exe, 00000000.00000002.1902660896.0000000006410000.00000004.08000000.00040000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: Howard.exe, 00000000.00000002.1899854955.0000000004009000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1902322964.0000000006070000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: Howard.exe, 00000000.00000002.1899854955.0000000004009000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1902322964.0000000006070000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdb source: Howard.exe, 00000000.00000002.1885193672.0000000003247000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005072720.0000000000719000.00000002.00000400.00020000.00000000.sdmp
                  Source: C:\Users\user\Desktop\Howard.exe - Code function: 0_2_0046D8DC FindFirstFileA,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,0_2_0046D8DC
                  Source: C:\Users\user\Desktop\Howard.exe - Code function: 0_2_00429890 SetErrorMode,SetErrorMode,FindFirstFileW,GetLastError,SetErrorMode,FindNextFileW,FindClose,SetErrorMode,0_2_00429890
                  Source: C:\Users\user\Desktop\Howard.exe - Code function: 0_2_00457970 FindFirstFileA,0_2_00457970
                  Source: C:\Users\user\Desktop\Howard.exe - Code function: 0_2_00428FE0 Sleep,FindFirstFileW,FindNextFileW,FindClose,0_2_00428FE0

                  Networking

                  Source: Malware configuration extractor - URLs: https://steamcommunity.com/profiles/76561199824159981
                  Source: global traffic - HTTP traffic detected: GET /sok33tn HTTP/1.1, Host: t.me, Connection: Keep-Alive, Cache-Control: no-cache
                  Source: global traffic - HTTP traffic detected: GET /profiles/76561199824159981 HTTP/1.1, Host: steamcommunity.com, Connection: Keep-Alive, Cache-Control: no-cache
                  Source: global traffic - HTTP traffic detected: GET /sok33tn HTTP/1.1, Host: t.me, Connection: Keep-Alive, Cache-Control: no-cache, Cookie: stel_ssid=7a0ba467f1b792a039_14834849593679827492
                  Source: global traffic - HTTP traffic detected: GET /profiles/76561199824159981 HTTP/1.1, Host: steamcommunity.com, Connection: Keep-Alive, Cache-Control: no-cache, Cookie: sessionid=c0ba4388df99ed39a956e62f; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
                  Source: Joe Sandbox View - IP Address: 23.197.127.21
                  Source: Joe Sandbox View - IP Address: 149.154.167.99
                  Source: Joe Sandbox View - JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: Network traffic - Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49736 -> 95.216.180.186:443
                  Source: Network traffic - Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:49753 -> 95.216.180.186:443
                  Source: Network traffic - Suricata IDS: 2028765 - Severity 3 - ET JA3 Hash - [Abuse.ch] Possible Dridex : 192.168.2.4:57269 -> 95.216.180.186:443
                  Source: unknown - TCP traffic detected without corresponding DNS query: 173.222.162.32
                  Source: unknown - TCP traffic detected without corresponding DNS query: 95.216.180.186
                  Source: unknown - TCP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknown - UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe - Code function: 1_2_00703C79 InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,1_2_00703C79
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
                  Source: Howard.exeString found in binary or memory: Cookies_%08X%s%shttps://passport.yandex.ru/passport?mode=authhttp://m.o2.pl/https://www.linkedin.com/uas/loginMozilla/5.0https://authweb.orange.fr/auth_user/bin/auth_user.cgihttps://m.mail.virgilio.it/m/wmmhttps://e.mail.ru/loginMozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36https://mobile.zoho.com/Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36https://login.live.com/Mozilla/5.0 (iPhone; CPU iPhone OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1https://outlook.live.com/owa/https://twitter.com/?Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0 Edg/$(76.0.3809.132)_IMAP3_IMAP2_IMAP1res=successhttps://login.live.com/oauth20_remoteconnect.srfhttp://localhost/https://twitter.com/https://mail.google.com/mail/_blankhttps://passport.yandex.ru/profilehttps://passport.yandex.ru/passport?mode=passportif (document.getElementById("remember_me_checkbox")) document.getElementById("remember_me_checkbox").dataset.checked="yes"; if (document.getElementById("remember_me_checkbox")) if (document.getElementById("remember_me_checkbox").childNodes.length>1) document.getElementById("remember_me_checkbox").childNodes[1].className+=" is-checked"; if (document.getElementById("remember_me_checkbox")) if (document.getElementById("remember_me_checkbox").childNodes.length>3) document.getElementById("remember_me_checkbox").childNodes[3].checked=true;http://m.o2.pl/?folderlinkedin.comlinkedin.com/checkpoint/lg/login-submitif (document.getElementById("default_f_memorize_password_csCheckbox")) if (document.getElementById("default_f_memorize_password_csCheckbox").childNodes.length>0) 
document.getElementById("default_f_memorize_password_csCheckbox").childNodes[0].className="checkboxOn"; if (document.getElementById("default_f_memorize_password")) document.getElementById("default_f_memorize_password").checked=true;http://www.orange.fr/input equals www.linkedin.com (Linkedin)
                  Source: Howard.exeString found in binary or memory: Cookies_%08X%s%shttps://passport.yandex.ru/passport?mode=authhttp://m.o2.pl/https://www.linkedin.com/uas/loginMozilla/5.0https://authweb.orange.fr/auth_user/bin/auth_user.cgihttps://m.mail.virgilio.it/m/wmmhttps://e.mail.ru/loginMozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36https://mobile.zoho.com/Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36https://login.live.com/Mozilla/5.0 (iPhone; CPU iPhone OS 16_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1https://outlook.live.com/owa/https://twitter.com/?Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0 Edg/$(76.0.3809.132)_IMAP3_IMAP2_IMAP1res=successhttps://login.live.com/oauth20_remoteconnect.srfhttp://localhost/https://twitter.com/https://mail.google.com/mail/_blankhttps://passport.yandex.ru/profilehttps://passport.yandex.ru/passport?mode=passportif (document.getElementById("remember_me_checkbox")) document.getElementById("remember_me_checkbox").dataset.checked="yes"; if (document.getElementById("remember_me_checkbox")) if (document.getElementById("remember_me_checkbox").childNodes.length>1) document.getElementById("remember_me_checkbox").childNodes[1].className+=" is-checked"; if (document.getElementById("remember_me_checkbox")) if (document.getElementById("remember_me_checkbox").childNodes.length>3) document.getElementById("remember_me_checkbox").childNodes[3].checked=true;http://m.o2.pl/?folderlinkedin.comlinkedin.com/checkpoint/lg/login-submitif (document.getElementById("default_f_memorize_password_csCheckbox")) if (document.getElementById("default_f_memorize_password_csCheckbox").childNodes.length>0) 
document.getElementById("default_f_memorize_password_csCheckbox").childNodes[0].className="checkboxOn"; if (document.getElementById("default_f_memorize_password")) document.getElementById("default_f_memorize_password").checked=true;http://www.orange.fr/input equals www.twitter.com (Twitter)
                  Source: Howard.exe String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
                  Source: Howard.exe String found in binary or memory: https://www.linkedin.com equals www.linkedin.com (Linkedin)
                  Source: Howard.exe String found in binary or memory: https://www.linkedin.com/messaging/ equals www.linkedin.com (Linkedin)
                  Source: Howard.exe String found in binary or memory: https://www.linkedin.com/uas/login equals www.linkedin.com (Linkedin)
                  Source: Howard.exeString found in binary or memory: id="javax.faces.ViewState"/>VirgilioPasswordVirgilioEmail<title>Virgilio Mail - Login</title>Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;)/m/wmm/folder/INBOX/1?refresh=TRUEm.mail.virgilio.itheadersidfolderreadmessageGroupListselectedMailboxactionreduxStateroot.AppState = <span> date" role="gridcell"title="data-test-id="message-subject"<strong</strong>data-test-read="false"data-test-id="message-list-item"data-test-id="content-area"from_nameparticipantListrawDateisReadmflags}msgListObj="email":"emailAddress:"alt="Sign in">Sign in</a><span>Sign in</span><form id="account-switcher-form"<form id="manage-account-form" method="post"<form id="login-username-form" method="post"<form id="mbr-login-form"action="https://login.yahoo.com/config/login_verify2?"action="https://login.yahoo.com/config/login?"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36/n/inbox/allmail.yahoo.comisotypefieldnewmodels"error":{"code":"AUTH_NO_AUTH"}{"models":[],"Content-Type: application/x-www-form-urlencoded; charset=UTF-8/touch/api/models?_m=messages&fid.0=1&goto.0=all&extra_cond.0=only_new&sort_type.0=date&unread.0=unread_model.0=messages&_ckey=%s&_exp=%s&_eexp=%s;%3B,%2C"eexp-boxes":""exp-boxes":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36action="/checkcaptcha?action="https://passport.yandex.ru/authname="_ckey" value="mail.yandex.ruRSNSBmode=listing&accId=%s&from=1&to=50&summary=true&sortBy=date&sortOrder=false&folderSpec=2&view=unread&zmrcsr=%s/zm/ml.dozmcsr=https://mail.zoho.comzmail.accId = "/zm/Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 
Safari/537.36mail.zoho.comEWShttps://outlook.office365.com/http://www.outlook.com/http://mail.live.com/https://outlook.live.com/mail/inbox/https://outlook.office365.com/EWS/Exchange.asmxMailHandlerEWSEWSPasswordEWSUserEWSWebsiteEWSServerc_user.messenger.comFacebookhttps://www.messenger.com/https://www.facebook.com/MailHandlerFacebookFacebookWebsitehttps://accounts.google.com/LogoutGMailhttps://inbox.google.com/https://mail.google.com/MailHandlerGMailGMailFolderListGMailWebsitehttps://outlook.office365.comhttps://outlook.live.com/mail/logoff.owa/owa/logoff.owa/logout.srflogin.live.comOutlook.comMicrosoft 365Outlook LiveMailHandlerHotmailAccountTypeHotmailWebsiteIMAPhttps://e.mail.ruhttps://Mail.Yahoo.comhttp://www.GMX.comhttp://Mail.Google.comhttp://www.Outlook.comhttp://Mail.Live.comimap.mail.ru:993imap.mail.yahoo.com:993imap.gmx.com:993imap.mail.me.com:993MailHandlerIMAP3MailHandlerIMAP2MailHandlerIMAPIMAPPassword3IMAPUser3IMAPWebsite3IMAPAuthMethod3IMAPServer3IMAPPassword2IMAPUser2IMAPWebsite2IMAPAuthMethod2IMAPServer2IMAPPasswordIMAPUserIMAPWebsiteIMAPAuthMethod1IMAPServeriNotes WebMailHandlerINotesiNotesPasswordiNotesNameiNotesServerhttps://linkedin.comhttps://www.linkedin.comLinkedInhttps://www.linkedin.com/messaging/LinkedIn.comMa
                  Source: Howard.exeString found in binary or memory: m.mail.virgilio.it/m/wmme.mail.ru/messages/inbox?octaviusif (document.getElementById("rem")) document.getElementById("rem").checked=true;https://accounts.zoho.com/cloginif (document.getElementById("pLabelC")) document.getElementById("pLabelC").className+=" checked"; if (document.getElementById("persistent")) document.getElementById("persistent").value="y";https://mail.yahoo.com/nmail.yahoo.com/dmail.yahoo.com/om/api/1.0/openmail.appmail.yahoo.com/neo/launchhttps://outlook.live.com/mail/https://login.live.comhttps://account.microsoft.com/login.live.com/ppsecure/post.srfif (document.getElementById("idChkBx_PWD_KMSI0Pwd")) if (document.getElementById("idChkBx_PWD_KMSI0Pwd").checked==false) if (document.getElementById("idLbl_PWD_KMSI_Cb")) document.getElementById("idLbl_PWD_KMSI_Cb").click();document.querySelectorAll('input[type=checkbox]')[0].click()OpenMailListTopMostSoftware\CompSoft\HowardMailListFlagswww.the-sz.comhttp://www.the-sz.com/Wino MailMozilla ThunderbirdLotus NotesIBM NotesMicrosoft MailHotmaileM ClientOpera developerOpera StableOperaInternet ExplorerFirefoxGoogle Chromehttps://go.microsoft.com/fwlink/p/?LinkId=2124703https://developer.microsoft.com/en-us/microsoft-edge/webview2/AppleMSN MessengerOutlookHotmail WhiteFancy OutlookOutlook.com WhiteCheckRangeDaysCheckRangeNewMailSoundToolTipTimeRefreshTime1 %1!u! Closemain equals www.yahoo.com (Yahoo)
                  Source: MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: m/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https+wm|l equals www.youtube.com (Youtube)
                  Source: Howard.exe String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                  Source: global traffic DNS traffic detected: DNS query: t.me
                  Source: global traffic DNS traffic detected: DNS query: opbafindi.com
                  Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
                  Source: MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1:27060
                  Source: Howard.exe String found in binary or memory: http://Mail.Google.com
                  Source: Howard.exe String found in binary or memory: http://Mail.Live.com
                  Source: Howard.exe String found in binary or memory: http://X.com/
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.microsoft.
                  Source: Howard.exe String found in binary or memory: http://m.o2.pl
                  Source: Howard.exe String found in binary or memory: http://m.o2.pl/
                  Source: Howard.exe String found in binary or memory: http://m.o2.pl/?folder
                  Source: Howard.exe String found in binary or memory: http://mail.live.com/
                  Source: Howard.exe String found in binary or memory: http://mail.virgilio.it/
                  Source: Howard.exe String found in binary or memory: http://mdsp.orange.fr
                  Source: Howard.exe String found in binary or memory: http://poczta.o2.pl/
                  Source: Howard.exe String found in binary or memory: http://r.orange.fr/r/Owebmail_inbox_v2
                  Source: Howard.exe String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: Howard.exe, 00000000.00000002.1885193672.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3004989391.00000000006F2000.00000004.00000010.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                  Source: Howard.exe String found in binary or memory: http://www.GMX.com
                  Source: Howard.exe String found in binary or memory: http://www.Outlook.com
                  Source: Howard.exe String found in binary or memory: http://www.orange.fr/
                  Source: Howard.exe String found in binary or memory: http://www.outlook.com/
                  Source: Howard.exe String found in binary or memory: http://www.the-sz.com/
                  Source: Howard.exe String found in binary or memory: http://www.the-sz.com/F
                  Source: Howard.exe String found in binary or memory: http://www.the-sz.com/Wino
                  Source: Howard.exe String found in binary or memory: http://www.the-sz.com/common/update.php?p=howard
                  Source: Howard.exe String found in binary or memory: http://www.the-sz.com/common/update.php?p=howardLastCheckPianoSmooth.wavUnreadMailCountRegistryLocat
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: http://www.valvesoftware.com/legal.htm
                  Source: 76561199824159981[1].htm0.1.dr String found in binary or memory: https://95.216.180.186
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://95.216.180.186/
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://95.216.180.186/)
                  Source: MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://95.216.180.186/0
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://95.216.180.186/4
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://95.216.180.186/M
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://95.216.180.186/P
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A16000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://95.216.180.186/en-GB
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://95.216.180.186/ography
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://95.216.180.186/rosoft
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://95.216.180.186/~#
                  Source: Howard.exe String found in binary or memory: https://Mail.Yahoo.com
                  Source: Howard.exe String found in binary or memory: https://accounts.google.com/Logout
                  Source: Howard.exe String found in binary or memory: https://accounts.google.com/o/oauth2/v2/auth?client_id=%s&response_type=code&redirect_uri=http%%3A%%
                  Source: Howard.exe String found in binary or memory: https://accounts.zoho.com/clogin
                  Source: Howard.exe String found in binary or memory: https://accounts.zoho.com/cloginif
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.steampowered.com/
                  Source: Howard.exe String found in binary or memory: https://authweb.orange.fr/auth_user/bin/auth_user.cgi
                  Source: Howard.exe String found in binary or memory: https://authweb.orange.fr/auth_user2/bin/auth_user.cgi
                  Source: Howard.exe String found in binary or memory: https://autologon.microsoftazuread-sso.com/
                  Source: Howard.exe String found in binary or memory: https://autologon.microsoftazuread-sso.com/class=
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cd%o
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_4o
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_ful
                  Source: 76561199824159981[1].htm0.1.drString found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
                  Source: MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
                  Source: MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
                  Source: MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowe
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloud
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.c
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=isaCx97tvA
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=N4H9vOOxi8kG&amp;l=english&am
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=INiZALwvDIbb
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm.1.drString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&amp;l=e
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: https://store.steampowered.com/mobile
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: https://store.steampowered.com/news/
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: https://store.steampowered.com/points/shop/
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: https://store.steampowered.com/stats/
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A16000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/sok33tn
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/sok33tnU
                  Source: MSBuild.exe, 00000001.00000002.3005099023.000000000071D000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/sok33tna110mgzMozilla/5.0
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/sok33tni
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/sok33tnp
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/sok33tny
                  Source: Howard.exeString found in binary or memory: https://twitter.com/
                  Source: Howard.exeString found in binary or memory: https://twitter.com/?
                  Source: Howard.exeString found in binary or memory: https://twitter.com/messages/
                  Source: MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
                  Source: MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                  Source: MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                  Source: MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                  Source: Howard.exeString found in binary or memory: https://www.linkedin.com
                  Source: Howard.exeString found in binary or memory: https://www.linkedin.com/messaging/
                  Source: Howard.exeString found in binary or memory: https://www.linkedin.com/uas/login
                  Source: Howard.exeString found in binary or memory: https://www.messenger.com/
                  Source: Howard.exeString found in binary or memory: https://www.messenger.com/t/
                  Source: MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                  Source: MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                  Source: MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                  Source: Howard.exeString found in binary or memory: https://yahoo.com
                  Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49731 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49733 version: TLS 1.2

                  System Summary

                  Source: 1.2.MSBuild.exe.700000.0.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                  Source: 0.2.Howard.exe.241861e.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
                  Source: 0.2.Howard.exe.3e5b3b0.3.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
                  Source: 0.2.Howard.exe.241861e.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
                  Source: 00000000.00000002.1884214848.0000000002416000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
                  Source: C:\Users\user\Desktop\Howard.exeCode function: String function: 0041FC70 appears 56 times
                  Source: C:\Users\user\Desktop\Howard.exeCode function: String function: 0041F810 appears 32 times
                  Source: C:\Users\user\Desktop\Howard.exeCode function: String function: 00421820 appears 129 times
                  Source: C:\Users\user\Desktop\Howard.exeCode function: String function: 0041F230 appears 55 times
                  Source: C:\Users\user\Desktop\Howard.exeCode function: String function: 00420280 appears 139 times
                  Source: C:\Users\user\Desktop\Howard.exeCode function: String function: 0041FD40 appears 41 times
                  Source: C:\Users\user\Desktop\Howard.exeCode function: String function: 00421780 appears 78 times
                  Source: Howard.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Source: Howard.exeBinary or memory string: OriginalFilename vs Howard.exe
                  Source: Howard.exe, 00000000.00000000.1756627436.00000000004A5000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameWebView2Loader.dll~/ vs Howard.exe
                  Source: Howard.exe, 00000000.00000002.1899854955.00000000040E0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameYirscxwmjso.dll" vs Howard.exe
                  Source: Howard.exe, 00000000.00000002.1901019319.0000000005650000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameYirscxwmjso.dll" vs Howard.exe
                  Source: Howard.exe, 00000000.00000002.1885193672.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Howard.exe
                  Source: Howard.exe, 00000000.00000002.1902660896.0000000006410000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Howard.exe
                  Source: Howard.exe, 00000000.00000002.1899854955.0000000004009000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Howard.exe
                  Source: Howard.exe, 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Howard.exe
                  Source: Howard.exe, 00000000.00000002.1899854955.0000000003DC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Howard.exe
                  Source: Howard.exe, 00000000.00000002.1899854955.0000000003DC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Howard.exe
                  Source: Howard.exe, 00000000.00000002.1902322964.0000000006070000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Howard.exe
                  Source: Howard.exeBinary or memory string: OriginalFilenameWebView2Loader.dll~/ vs Howard.exe
                  Source: Howard.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                  Source: 1.2.MSBuild.exe.700000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                  Source: 0.2.Howard.exe.241861e.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
                  Source: 0.2.Howard.exe.3e5b3b0.3.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
                  Source: 0.2.Howard.exe.241861e.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
                  Source: 00000000.00000002.1884214848.0000000002416000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
                  Source: 0.2.Howard.exe.5320000.10.raw.unpack, -.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.Howard.exe.5320000.10.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.Howard.exe.5320000.10.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.Howard.exe.6410000.16.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                  Source: 0.2.Howard.exe.6410000.16.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                  Source: 0.2.Howard.exe.6410000.16.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                  Source: 0.2.Howard.exe.6410000.16.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                  Source: 0.2.Howard.exe.3e0b390.2.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                  Source: 0.2.Howard.exe.3e0b390.2.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                  Source: 0.2.Howard.exe.3e0b390.2.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.Howard.exe.3e5b3b0.3.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 0.2.Howard.exe.3e5b3b0.3.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 0.2.Howard.exe.3e0b390.2.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.Howard.exe.3e0b390.2.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: 0.2.Howard.exe.6410000.16.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.Howard.exe.3e0b390.2.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.Howard.exe.3e0b390.2.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 0.2.Howard.exe.3e0b390.2.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 0.2.Howard.exe.6410000.16.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                  Source: 0.2.Howard.exe.6410000.16.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                  Source: 0.2.Howard.exe.6410000.16.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.Howard.exe.6410000.16.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.Howard.exe.3e5b3b0.3.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.Howard.exe.3e5b3b0.3.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: 0.2.Howard.exe.3e5b3b0.3.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.Howard.exe.3e5b3b0.3.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                  Source: 0.2.Howard.exe.6410000.16.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                  Source: Howard.exeBinary string: F%s<%s></%s><?%s %s?><?%s?>D:(A;OICI;GA;;;WD)SetSecurityDescriptorDaclInitializeSecurityDescriptorConvertStringSecurityDescriptorToSecurityDescriptorWReactOSSOFTWARE\Microsoft\Windows NT\CurrentVersionService Pack 3Service Pack 2Service Pack 1IdentSOFTWARE\Microsoft\Windows\CurrentVersion\Media CenterInstalledSYSTEM\WPA\FundamentalsSYSTEM\CurrentControlSet\Control\PE BuilderSYSTEM\CurrentControlSet\Control\MiniNTLanmanNTServerNTWinNTProductTypeSYSTEM\CurrentControlSet\Control\ProductOptionsWDAGUtilityAccount\\.\GLOBALROOT\device\vmsmbC:\WcSandboxStateUnknown 0x%I64XUnknown CE Kernel 0x%I64XWindows CE 5.2Windows CE 5.0Windows 3.1Unknown DOS Kernel 0x%I64XWindows MEWindows 98 SEWindows 98Windows 95 OSR2Windows 95Unknown NT Kernel 0x%I64X [TerminalSession] [Fundamentals for Legacy PCs] [Domain Controller] [Home Server] [Terminal Services] [Storage Server] [Home Edition] [Embedded] [Enterprise] [Datacenter] [MediaCenter] [MediaCenter Vista] [MediaCenter 2005 Ex] [MediaCenter 2005] [MediaCenter 2004] [TabletPC] [MiniNT] [PE Builder] [Advanced Server] [Server]Windows 11Windows 10Windows 8.1Windows 8Windows 7Windows VistaWindows Server 2003Windows XPWindows 2000Windows NT4Windows NT3.51UBRDllGetVersion%u.%u.%u.%uIVersvcVersionSOFTWARE\Microsoft\Internet ExplorerCurrentVersionH2JWQLTRUEFALSE%dAlphaBlendTransparentBltmsimg32.dllCoInitializeExTrackMouseEventCurrentBuildCurrentMinorVersionNumberCurrentMajorVersionNumberProductIdSoftware\Microsoft\Windows\CurrentVersionHardwareAddressSystem\CurrentControlSet\Services\VxD\DHCP\DhcpInfo00MACAddressSELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled=trueROOT\CIMV2NetworkAddressSOFTWARE\Description\Microsoft\Rpc\UuidTemporaryDataMACSOFTWARE\Microsoft\Windows Genuine AdvantageIdentifierHARDWARE\DEVICEMAP\Scsi\Scsi Port %u\Scsi Bus %u\Target Id %u\Logical Unit Id 
0CountSYSTEM\CurrentControlSet\Services\Disk\Enum%04X-%04X-%04X-%04XSYSTEMROOT_NT_ALTERNATE_SYMBOL_PATH_NT_SYMBOL_PATHNtQueryInformationThreadSymGetLineFromAddr64SymGetModuleBase64SymFunctionTableAccess64StackWalk64SymGetModuleInfo64SymFromAddrSymGetSymFromAddr64SymSetOptionsSymInitializeMiniDumpWriteDumpdbghelp.dll0x%I64X@0x%I64X%s@0x%I64X - Offset: 0x%I64X%hs(0x%I64X,0x%I64X,0x%I64X,0x%I64X)
                  Source: classification engineClassification label: mal100.troj.evad.winEXE@3/2@15/3
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_004432F0 GetLastError,FormatMessageW,FormatMessageW,GetModuleHandleW,FormatMessageW,0_2_004432F0
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_02416CB1 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,Thread32Next,0_2_02416CB1
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_00439B10 CoCreateInstance,0_2_00439B10
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_00436CC0 FindResourceExW,FindResourceExW,FindResourceExW,FindResourceExW,FindResourceExW,FindResourceExW,FindResourceExW,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00436CC0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199824159981[1].htm
                  Source: C:\Users\user\Desktop\Howard.exeMutant created: NULL
                  Source: Howard.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\Howard.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: Howard.exeString found in binary or memory: mail.yahoo.com/neo/launch
                  Source: Howard.exeString found in binary or memory: m.mail.virgilio.it/m/wmme.mail.ru/messages/inbox?octaviusif (document.getElementById("rem")) document.getElementById("rem").checked=true;https://accounts.zoho.com/cloginif (document.getElementById("pLabelC")) document.getElementById("pLabelC").className+=" checked"; if (document.getElementById("persistent")) document.getElementById("persistent").value="y";https://mail.yahoo.com/nmail.yahoo.com/dmail.yahoo.com/om/api/1.0/openmail.appmail.yahoo.com/neo/launchhttps://outlook.live.com/mail/https://login.live.comhttps://account.microsoft.com/login.live.com/ppsecure/post.srfif (document.getElementById("idChkBx_PWD_KMSI0Pwd")) if (document.getElementById("idChkBx_PWD_KMSI0Pwd").checked==false) if (document.getElementById("idLbl_PWD_KMSI_Cb")) document.getElementById("idLbl_PWD_KMSI_Cb").click();document.querySelectorAll('input[type=checkbox]')[0].click()OpenMailListTopMostSoftware\CompSoft\HowardMailListFlagswww.the-sz.comhttp://www.the-sz.com/Wino MailMozilla ThunderbirdLotus NotesIBM NotesMicrosoft MailHotmaileM ClientOpera developerOpera StableOperaInternet ExplorerFirefoxGoogle Chromehttps://go.microsoft.com/fwlink/p/?LinkId=2124703https://developer.microsoft.com/en-us/microsoft-edge/webview2/AppleMSN MessengerOutlookHotmail WhiteFancy OutlookOutlook.com WhiteCheckRangeDaysCheckRangeNewMailSoundToolTipTimeRefreshTime1 %1!u! Closemain
                  Source: unknownProcess created: C:\Users\user\Desktop\Howard.exe "C:\Users\user\Desktop\Howard.exe"
                  Source: C:\Users\user\Desktop\Howard.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: Howard.exeStatic file information: File size 2711552 > 1048576
                  Source: Howard.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1fb000
                  Source: Howard.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: A{"id":1,"method":"Storage.getCookies"}|.tgz.gzSecurityHistoryWork Dir: In memorySOFTWARE\Microsoft\Cryptographyfirefox%08lX%04lX%lu_key.txtSoft\Steam\steam_tokens.txt\Discord\tokens.txtpasswords.txtinformation.txtlocalhostWebSocketClient" & exitGdipGetImageHeightSoftGdipGetImagePixelFormatN0ZWFt\Monero\wallet.keysAzure\.awsstatusWallets_CreateProcessGdipGetImageEncodershttpsSoftware\Martin Prikryl\WinSCP 2\SessionsPlugins/devtoolsprefs.jsLocal Extension SettingsSync Extension SettingsFilescookiesCookies\BraveWallet\Preferenceskey_datas%s\%s\%sPortNumberCurrentBuildNumberGdiplusStartup.zipGdipCreateHBITMAPFromBitmapOpera Crypto.zooUnknownGdiplusShutdown/json_logins.jsoninvalid string positionSoftware\Martin Prikryl\WinSCP 2\ConfigurationDisplayVersionSOFTWARE\Microsoft\Windows NT\CurrentVersionopentokenamcommunity.comTelegramSoftware\Valve\SteamGdipSaveImageToStreamGdipLoadImageFromStream\AppData\Roaming\FileZilla\recentservers.xml.dllSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstallapprove_aprilNetworkblock.arjprofiles.ini.lzhGdipGetImageWidthwallet_pathSteamPathscreenshot.jpgstring too longvector<T> too longProcessorNameStringloginusers.vdflibraryfolders.vdfconfig.vdfDialogConfig.vdfDialogConfigOverlay*.vdfGdipGetImageEncodersSizesteam.exeC:\Windows\system32\cmd.exeC:\Windows\system32\rundll32.exeBravetrueformhistory.sqlitecookies.sqliteplaces.sqliteLocal StatefalseAzure\.azureSOFTWARE\monero-project\monero-corechromefile_nameDisplayNameHostNameProductNameUserNameGdipSaveImageToFilemsal.cacheGdipDisposeImagemodeAzure\.IdentityServiceUseMasterPasswordhwidMachineGuidtask_idbuild_idCrash DetectedDisabled%dx%d%d/%d/%d %d:%d:%d.arcvdr1.pdb\Local Storage\leveldb_0.indexeddb.leveldb_formhistory.db_history.db_cookies.db_passwords.db_webdata.db_key4.db\key4.dbfile_dataLogin DataWeb DataoperaOperachrome-extension_[Processes][Software]\storage\default\\.aws\errors\\Telegram Desktop\\Steam\\config\\.azure\ 
Stable\\.IdentityService\\discord\/c timeout /t 10 & rd /s /q "C:\ProgramData\" & rd /s /q "C:\ProgramData\\..\.ZDISPLAYOpera GXEXCEPTION_INT_OVERFLOWEXCEPTION_FLT_OVERFLOWEXCEPTION_STACK_OVERFLOWEXCEPTION_FLT_UNDERFLOWPOSTEXCEPTION_BREAKPOINT\Local Storage\leveldb\CURRENTEXCEPTION_DATATYPE_MISALIGNMENTEXCEPTION_FLT_INEXACT_RESULTGETEXCEPTION_IN_PAGE_ERRORdQw4w9WgXcQEXCEPTION_SINGLE_STEPGdipCreateBitmapFromHBITMAPEXCEPTION_INT_DIVIDE_BY_ZEROEXCEPTION_FLT_DIVIDE_BY_ZEROEXCEPTION_NONCONTINUABLE_EXCEPTIONUNKNOWN EXCEPTIONEXCEPTION_INVALID_DISPOSITIONEXCEPTION_PRIV_INSTRUCTIONEXCEPTION_ILLEGAL_INSTRUCTIONEXCEPTION_FLT_INVALID_OPERATIONEXCEPTION_ACCESS_VIOLATIONEXCEPTION_FLT_STACK_CHECKEXCEPTION_FLT_DENORMAL_OPERANDEXCEPTION_ARRAY_BOUNDS_EXCEEDED%d MBIndexedDBOCALAPPDATA?<Host><Port><User><Pass encoding="base64">http://localhost:"webSocketDebuggerUrl":6^userContextId=4294967295465 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73ws://localhost:9223.metadata-v2comctl32gdi32:225121Windows 11HTTP/1.1HARDWARE\DESCRIPTION\System\CentralProcessor\0abcdefgh
                  Source: Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdbA source: Howard.exe, 00000000.00000002.1885193672.0000000003247000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005072720.0000000000719000.00000002.00000400.00020000.00000000.sdmp
                  Source: Binary string: vdr1.pdb source: Howard.exe, 00000000.00000002.1885193672.0000000003247000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005072720.0000000000719000.00000002.00000400.00020000.00000000.sdmp
                  Source: Binary string: D:\a\_work\e\src\out\Release\WebView2Loader.dll.pdb source: Howard.exe
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Howard.exe, 00000000.00000002.1902660896.0000000006410000.00000004.08000000.00040000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Howard.exe, 00000000.00000002.1902660896.0000000006410000.00000004.08000000.00040000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: Howard.exe, 00000000.00000002.1899854955.0000000004009000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1902322964.0000000006070000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: Howard.exe, 00000000.00000002.1899854955.0000000004009000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1902322964.0000000006070000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdb source: Howard.exe, 00000000.00000002.1885193672.0000000003247000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005072720.0000000000719000.00000002.00000400.00020000.00000000.sdmp

                  Data Obfuscation

                  Source: 0.2.Howard.exe.6410000.16.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 0.2.Howard.exe.6410000.16.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                  Source: 0.2.Howard.exe.5320000.10.raw.unpack, -.cs.Net Code: _0001 System.AppDomain.Load(byte[])
                  Source: 0.2.Howard.exe.5320000.10.raw.unpack, -.cs.Net Code: _0001 System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.Howard.exe.6070000.15.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                  Source: 0.2.Howard.exe.6070000.15.raw.unpack, ListDecorator.cs.Net Code: Read
                  Source: 0.2.Howard.exe.6070000.15.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                  Source: 0.2.Howard.exe.6070000.15.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                  Source: 0.2.Howard.exe.6070000.15.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                  Source: 0.2.Howard.exe.3e0b390.2.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 0.2.Howard.exe.3e0b390.2.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                  Source: 0.2.Howard.exe.3e5b3b0.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                  Source: 0.2.Howard.exe.3e5b3b0.3.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                  Source: Yara matchFile source: 0.2.Howard.exe.3f897a7.8.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Howard.exe.5e20000.13.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Howard.exe.5e20000.13.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Howard.exe.3f49787.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.Howard.exe.3f897a7.8.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000000.00000002.1901284007.0000000005E20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1899854955.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1885193672.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1899854955.0000000004009000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: Howard.exe PID: 7380, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_0046AF9C LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0046AF9C
                  Source: Howard.exeStatic PE information: real checksum: 0x554a7 should be: 0x2a3a87
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_004617C0 push eax; ret 0_2_004617EE
                  Source: 0.2.Howard.exe.5650000.12.raw.unpack, uurv2ikYuxw7yOj2KgO.csHigh entropy of concatenated method names: 'uhTk0qgkAC', 'oloktfIKoI', 'XD3kLADwjN', 'spZkEwjhIZ', 'lUtkD0OMlS', 'C6IkCr7tD1', 'WCPkwPvd6K', 'tkNkNldvnn', 'oMAk276DCo', 'FKbkfwAOAF'
                  Source: C:\Users\user\Desktop\Howard.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: Howard.exe, 00000000.00000002.1885193672.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                  Source: C:\Users\user\Desktop\Howard.exeMemory allocated: 2550000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeMemory allocated: 2DC0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeMemory allocated: 2C60000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_00453DD0 rdtsc 0_2_00453DD0
                  Source: C:\Users\user\Desktop\Howard.exeAPI coverage: 1.8 %
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_00426D50 GetSystemTime followed by cmp: cmp dword ptr [esp+20h], 01h and CTI: jne 00426DB7h0_2_00426D50
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_0046D8DC FindFirstFileA,GetDriveTypeA,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,0_2_0046D8DC
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_00429890 SetErrorMode,SetErrorMode,FindFirstFileW,GetLastError,SetErrorMode,FindNextFileW,FindClose,SetErrorMode,0_2_00429890
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_00457970 FindFirstFileA,0_2_00457970
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_00428FE0 Sleep,FindFirstFileW,FindNextFileW,FindClose,0_2_00428FE0
                  Source: MSBuild.exe, 00000001.00000002.3005428855.00000000009D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
                  Source: Howard.exe, 00000000.00000002.1885193672.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen
                  Source: MSBuild.exe, 00000001.00000002.3005428855.0000000000A34000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: Howard.exe, 00000000.00000002.1885193672.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
                  Source: C:\Users\user\Desktop\Howard.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_0046AF9C LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_0046AF9C
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_02416B61 mov eax, dword ptr fs:[00000030h]0_2_02416B61
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_024165A1 mov edx, dword ptr fs:[00000030h]0_2_024165A1
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_02416F11 mov eax, dword ptr fs:[00000030h]0_2_02416F11
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_024171B1 mov eax, dword ptr fs:[00000030h]0_2_024171B1
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_024171B0 mov eax, dword ptr fs:[00000030h]0_2_024171B0
                  Source: C:\Users\user\Desktop\Howard.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_0041CD10 OleInitialize,SetUnhandledExceptionFilter,SendMessageW,CopyIcon,SetTimer,0_2_0041CD10
                  Source: C:\Users\user\Desktop\Howard.exeCode function: 0_2_00447F30 SetUnhandledExceptionFilter,0_2_00447F30
                  Source: C:\Users\user\Desktop\Howard.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\Howard.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 700000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 700000Jump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 701000Jump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 719000Jump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 71D000Jump to behavior
                  Source: C:\Users\user\Desktop\Howard.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 71F000Jump to behavior
                  Source: C:\Users\user\Desktop\Howard.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 720000
                  Source: C:\Users\user\Desktop\Howard.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 721000
                  Source: C:\Users\user\Desktop\Howard.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 452008
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: 0_2_0042B970 ShellExecuteExW,0_2_0042B970
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: 0_2_0042DF93 SetForegroundWindow,SetForegroundWindow,keybd_event,keybd_event,keybd_event,keybd_event,keybd_event,SetForegroundWindow,SetActiveWindow,SystemParametersInfoW,GetCurrentThreadId,AttachThreadInput,0_2_0042DF93
                  Source: C:\Users\user\Desktop\Howard.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                  Source: Howard.exe | Binary or memory string: FWorkerWProgmanSoftware\Microsoft\Windows\CurrentVersion\Notifications\SettingsNOC_GLOBAL_SETTING_TOASTS_ENABLED%s [%u.%02u]\StringFileInfo\040904B0\FileVersion%u.%u\StringFileInfo\040704B0\FileVersion\StringFileInfo\040904B0\%s\StringFileInfo\040704B0\%sMS Shell Dlg 2Microsoft JhengHei UIMicrosoft YaHei UISegoe UITahomaSystemMS Shell DlgMS Sans Serifj
                  Source: Howard.exe | Binary or memory string: Progman
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: 0_2_00453D10 cpuid 0_2_00453D10
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: GetLocaleInfoW,0_2_00440200
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: GetModuleHandleW,GetLocaleInfoW,SendMessageW,SendMessageW,GetModuleHandleW,PostMessageW,0_2_004403F0
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: GetLocaleInfoW,0_2_00411840
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: GetLocaleInfoA,0_2_00458A70
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: SendMessageW,SendMessageW,GetWindowLongW,SetWindowLongW,__ftol,__ftol,__ftol,__ftol,ImageList_Create,LoadImageW,LoadImageW,ImageList_ReplaceIcon,DestroyIcon,LoadImageW,ImageList_ReplaceIcon,DestroyIcon,GetSysColor,ImageList_SetBkColor,SendMessageW,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetLocaleInfoW,0_2_0042FB90
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,0_2_00447DF0
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: GetWindowLongW,BeginPaint,SaveDC,GetClientRect,GetParent,GetParent,SendMessageW,SendMessageW,GetStockObject,FillRect,SendMessageW,SelectObject,SetBkMode,GetParent,SendMessageW,GetLocaleInfoW,DrawTextW,RestoreDC,EndPaint,GetWindowLongW,LoadCursorW,SetCursor,GetClientRect,0_2_00440F60
                  Source: C:\Users\user\Desktop\Howard.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Howard.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: 0_2_004273E0 GetLocalTime,GetSystemTime,SystemTimeToFileTime,LocalFileTimeToFileTime,0_2_004273E0
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: 0_2_0044E870 GetUserNameW,0_2_0044E870
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: 0_2_004618D5 GetLocalTime,GetSystemTime,GetTimeZoneInformation,0_2_004618D5
                  Source: C:\Users\user\Desktop\Howard.exe | Code function: 0_2_0046307E GetVersionExA,GetEnvironmentVariableA,GetModuleFileNameA,0_2_0046307E
                  Source: C:\Users\user\Desktop\Howard.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 1.2.MSBuild.exe.700000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Howard.exe.3e5b3b0.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: Howard.exe PID: 7380, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: MSBuild.exe PID: 7504, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match | File source: 1.2.MSBuild.exe.700000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.Howard.exe.3e5b3b0.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: Howard.exe PID: 7380, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: MSBuild.exe PID: 7504, type: MEMORYSTR

                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 1 Exploitation for Privilege Escalation | 1 Masquerading | OS Credential Dumping | 12 System Time Discovery | Remote Services | 11 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 212 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 111 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | 1 Scheduled Task/Job | 1 Disable or Modify Tools | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 212 Process Injection | NTDS | 3 Process Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                  DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                  Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 34 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                  Source | Detection | Scanner | Label | Link
                  Howard.exe | 5% | ReversingLabs | Win32.Trojan.Nekark |
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  https://m.mail.virgilio.it/m/wmm | 0% | Avira URL Cloud | safe |
                  https://ssl-sso.orange.fr/authM | 0% | Avira URL Cloud | safe |
                  https://s.y | 0% | Avira URL Cloud | safe |
                  https://opbafindi.com/E | 100% | Avira URL Cloud | malware |
                  https://95.216.180.186/) | 100% | Avira URL Cloud | malware |
                  https://95.216.180.186/0 | 100% | Avira URL Cloud | malware |
                  https://95.216.180.186/4 | 100% | Avira URL Cloud | malware |
                  https://checkout.steampowe | 0% | Avira URL Cloud | safe |
                  http://www.the-sz.com/Wino | 0% | Avira URL Cloud | safe |
                  https://community.cloud | 0% | Avira URL Cloud | safe |
                  http://m.o2.pl/ | 0% | Avira URL Cloud | safe |
                  http://mdsp.orange.fr | 0% | Avira URL Cloud | safe |
                  http://www.the-sz.com/F | 0% | Avira URL Cloud | safe |
                  http://www.the-sz.com/ | 0% | Avira URL Cloud | safe |
                  https://opbafindi.com | 100% | Avira URL Cloud | malware |

                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
                  steamcommunity.com | 23.197.127.21 | true | false | | high
                  t.me | 149.154.167.99 | true | false | | high
                  s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
                  opbafindi.com | unknown | unknown | true | | unknown

                  Name | Malicious | Antivirus Detection | Reputation
                  https://steamcommunity.com/profiles/76561199824159981 | false | | high
                                                                                                                                  high
                                                                                                                                  https://help.steampowered.com/en/MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drfalse
                                                                                                                                    high
                                                                                                                                    https://m.mail.virgilio.it/m/wmmHoward.exefalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://m.o2.pl/Howard.exefalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://mdsp.orange.frHoward.exefalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=3W_ge11SZngF&amp;l=englisMSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drfalse
                                                                                                                                      high
                                                                                                                                      https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drfalse
                                                                                                                                        high
                                                                                                                                        https://recaptcha.net/recaptcha/;MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.the-sz.com/FHoward.exefalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          https://autologon.microsoftazuread-sso.com/class=Howard.exefalse
                                                                                                                                            high
                                                                                                                                            http://www.the-sz.com/Howard.exefalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            https://e.mail.ru/loginHoward.exefalse
                                                                                                                                              high
                                                                                                                                              https://broadcast.st.dl.eccdnx.comMSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gifMSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vMSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=l1VAyDrxeeyo&amp;l=enMSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://stackoverflow.com/q/11564914/23354;Howard.exe, 00000000.00000002.1899854955.0000000004009000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1902322964.0000000006070000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pMSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://outlook.office365.com/mail/Howard.exefalse
                                                                                                                                                            high
                                                                                                                                                            https://t.me/sok33tnUMSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://steamcommunity.com/workshop/MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://login.steampowered.com/MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://steamcommunity.com/7MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://store.steampowered.com/legal/MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://opbafindi.comMSBuild.exe, 00000001.00000002.3005428855.0000000000A16000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                      unknown
                                                                                                                                                                      https://t.me/sok33tniMSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://mail.google.com/mail/feed/atom/%sHoward.exefalse
                                                                                                                                                                          high
                                                                                                                                                                          https://github.com/mgravell/protobuf-netHoward.exe, 00000000.00000002.1899854955.0000000004009000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1899854955.0000000003DC1000.00000004.00000800.00020000.00000000.sdmp, Howard.exe, 00000000.00000002.1902322964.0000000006070000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://store.steampowered.com/76561199824159981[1].htm.1.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://twitter.com/Howard.exefalse
                                                                                                                                                                                high
                                                                                                                                                                                https://steamcommunity.comMSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm.1.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://t.me/sok33tnyMSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://127.0.0.1:27060MSBuild.exe, 00000001.00000002.3006158595.0000000003080000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A4A000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://mail.google.com/Howard.exefalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://t.me/sok33tnpMSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://www.orange.fr/Howard.exefalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://inbox.google.com/Howard.exefalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://outlook.live.comHoward.exefalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=n4_f9JKDa7wP&MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://outlook.live.com/owa/logoff.owaHoward.exefalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;MSBuild.exe, 00000001.00000002.3006158595.00000000030A3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3006158595.00000000030C3000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000001.00000002.3005428855.0000000000A9A000.00000004.00000020.00020000.00000000.sdmp, 76561199824159981[1].htm0.1.dr, 76561199824159981[1].htm.1.drfalse
                                                                                                                                                                                                      high
IP | Domain | Country | ASN | ASN Name | Malicious
23.197.127.21 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
95.216.180.186 | unknown | Germany | 24940 | HETZNER-ASDE | false
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1614812
Start date and time: 2025-02-14 06:30:20 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 8s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Howard.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@3/2@15/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 75
• Number of non-executed functions: 322
                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 172.202.163.200, 199.232.210.172, 2.23.77.188, 13.95.31.18, 13.85.23.206, 52.149.20.212, 13.107.246.45
                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, e3913.cd.akamaiedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, cac-ocsp.digicert.com.edgekey.net, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, azureedge-t-prod.trafficmanager.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
00:32:52 | API Interceptor | 1x Sleep call for process: MSBuild.exe modified
                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                        No context
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type: HTML document, Unicode text, UTF-8 text, with very long lines (3248)
Category: dropped
Size (bytes): 25927
Entropy (8bit): 5.316523297949534
Encrypted: false
SSDEEP: 768:p5pq/Ku4mml+3aXfsW9l+X9hJYFn5OMF5CBHxaXfsW9l+X9hJYM20vpLW7HhP3U:p58/Ku4mml+3aXfsW9l+X9hJYF5OMF5q
MD5: C2D5FC5A803CBD19244726FDB8143D79
SHA1: 54B0389BE3D0A06A06F1884A6EB18D67744B760B
SHA-256: 282B4E41C82595B95D8E5F7949D438C04FB36F10ECAFB9DBF2DFF4FB1AD500EA
SHA-512: 5B2AEED2273CCACB1D410B7CFE1510BC7AFA4D54761EF4A84B13AC755AEEC5D4F4E8AAAC4A2600B8C3D374BA1513EF8ACE480FCBDDB8DE4718EC9FD3FE99E73E
Malicious: false
Reputation: low
                                                                                                                                                                                                        Preview:<!DOCTYPE html>.<html class=" responsive DesktopUI" lang="en">.<head>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">....<meta name="viewport" content="width=device-width,initial-scale=1">...<meta name="theme-color" content="#171a21">...<title>Steam Community :: Error</title>..<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">.......<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=N4H9vOOxi8kG&amp;l=eng
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
File Type: HTML document, Unicode text, UTF-8 text, with very long lines (3248)
Category: dropped
Size (bytes): 35607
Entropy (8bit): 5.372491537812889
Encrypted: false
SSDEEP: 768:M5pq/Ku4mmBC5ReOpMTzQlF3aXfsW9l+X9hJYFn5OMF5CBHxaXfsW9l+X9hJYM2s:M58/Ku4mmBC5ReOpMTa3aXfsW9l+X9h9
MD5: CD5E1CEC621C72988C5B86971E2F1C13
SHA1: AFFB5B97C526A7FED1ABD63CA2111B79BEC97A3E
SHA-256: C4E2AF4E5C72A7DE70277D682459FD67244742C7895125ECF4EFC7DF2BDF1FEE
SHA-512: 66386D6F61C845141C5B1E72FCA427AC3D4C409F1ED89ADE2EE5619103103D07364A4551F330DA0A6B679009A39F2A2A3AD259437B1F545E1C76AADCC3FFF918
Malicious: false
Reputation: low
                                                                                                                                                                                                        Preview:<!DOCTYPE html>.<html class=" responsive DesktopUI" lang="en">.<head>..<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">....<meta name="viewport" content="width=device-width,initial-scale=1">...<meta name="theme-color" content="#171a21">...<title>Steam Community :: a110mgz https://95.216.180.186|</title>..<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">.......<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css">.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.cs
File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Entropy (8bit): 6.930965591708274
TrID:
• Win32 Executable (generic) a (10002005/4) 99.53%
• InstallShield setup (43055/19) 0.43%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Howard.exe
File size: 2'711'552 bytes
MD5: 262dfb3c2333afb399b1a384fa65bdeb
SHA1: 4814f86089987b8bd083cf6212c3cb7d2ace58f6
SHA256: 80a2df6d67c251c6ae13dae5e9189500f9f22ed52928e6484082413ccf9e14db
SHA512: d4b410a13f3e1a945d24cf0043be132383e0788008b990b539eee8d6a3ab56b80957ec10d7e1cb38900465c461caac49184adc6c6b410ee32d536599a4dc3dab
                                                                                                                                                                                                        SSDEEP:49152:Qq91oXkg/tJbF4AEv/Uk9YzZzi4rPUUxv:D91AtFJSAUzYzZzfrPUU
                                                                                                                                                                                                        TLSH:DDC5C001B6E780A0E7591A3008B6AB785B3E7DA51F31CA8B2754FE5DBD321E17D35322
                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........u.....G...G...G~..G...G...G...G...G...G.6.G...G.2.GU..G.6.G...GL7.G...Gl7.G...G...Gm..G.2.G...GQ..G...GRich...G........PE..L..
                                                                                                                                                                                                        Icon Hash:0e47256d6d25070c
                                                                                                                                                                                                        Entrypoint:0x46095a
                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                                                                                                                                                                                        DLL Characteristics:
                                                                                                                                                                                                        Time Stamp:0x679F96E9 [Sun Feb 2 16:01:45 2025 UTC]
                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                        Import Hash:fe42871ff8912bb928dd62980b167abf
                                                                                                                                                                                                        Signature Valid:
                                                                                                                                                                                                        Signature Issuer:
                                                                                                                                                                                                        Signature Validation Error:
                                                                                                                                                                                                        Error Number:
                                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                                            Version:
                                                                                                                                                                                                            Thumbprint MD5:
                                                                                                                                                                                                            Thumbprint SHA-1:
                                                                                                                                                                                                            Thumbprint SHA-256:
                                                                                                                                                                                                            Serial:
                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                            push FFFFFFFFh
                                                                                                                                                                                                            push 0047BED0h
                                                                                                                                                                                                            push 00461490h
                                                                                                                                                                                                            mov eax, dword ptr fs:[00000000h]
                                                                                                                                                                                                            push eax
                                                                                                                                                                                                            mov dword ptr fs:[00000000h], esp
                                                                                                                                                                                                            sub esp, 58h
                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                            push esi
                                                                                                                                                                                                            push edi
                                                                                                                                                                                                            mov dword ptr [ebp-18h], esp
                                                                                                                                                                                                            call dword ptr [00476258h]
                                                                                                                                                                                                            xor edx, edx
                                                                                                                                                                                                            mov dl, ah
                                                                                                                                                                                                            mov dword ptr [004A3784h], edx
                                                                                                                                                                                                            mov ecx, eax
                                                                                                                                                                                                            and ecx, 000000FFh
                                                                                                                                                                                                            mov dword ptr [004A3780h], ecx
                                                                                                                                                                                                            shl ecx, 08h
                                                                                                                                                                                                            add ecx, edx
                                                                                                                                                                                                            mov dword ptr [004A377Ch], ecx
                                                                                                                                                                                                            shr eax, 10h
                                                                                                                                                                                                            mov dword ptr [004A3778h], eax
                                                                                                                                                                                                            push 00000001h
                                                                                                                                                                                                            call 00007F9644B4D7F3h
                                                                                                                                                                                                            pop ecx
                                                                                                                                                                                                            test eax, eax
                                                                                                                                                                                                            jne 00007F9644B4AFEAh
                                                                                                                                                                                                            push 0000001Ch
                                                                                                                                                                                                            call 00007F9644B4B0A8h
                                                                                                                                                                                                            pop ecx
                                                                                                                                                                                                            call 00007F9644B4D4E7h
                                                                                                                                                                                                            test eax, eax
                                                                                                                                                                                                            jne 00007F9644B4AFEAh
                                                                                                                                                                                                            push 00000010h
                                                                                                                                                                                                            call 00007F9644B4B097h
                                                                                                                                                                                                            pop ecx
                                                                                                                                                                                                            xor esi, esi
                                                                                                                                                                                                            mov dword ptr [ebp-04h], esi
                                                                                                                                                                                                            call 00007F9644B505B6h
                                                                                                                                                                                                            call dword ptr [004762A4h]
                                                                                                                                                                                                            mov dword ptr [004A4E64h], eax
                                                                                                                                                                                                            call 00007F9644B50474h
                                                                                                                                                                                                            mov dword ptr [004A36B0h], eax
                                                                                                                                                                                                            call 00007F9644B5021Dh
                                                                                                                                                                                                            call 00007F9644B5015Fh
                                                                                                                                                                                                            call 00007F9644B4FB3Dh
                                                                                                                                                                                                            mov dword ptr [ebp-30h], esi
                                                                                                                                                                                                            lea eax, dword ptr [ebp-5Ch]
                                                                                                                                                                                                            push eax
                                                                                                                                                                                                            call dword ptr [004762A0h]
                                                                                                                                                                                                            call 00007F9644B500F0h
                                                                                                                                                                                                            mov dword ptr [ebp-64h], eax
                                                                                                                                                                                                            test byte ptr [ebp-30h], 00000001h
                                                                                                                                                                                                            je 00007F9644B4AFE8h
                                                                                                                                                                                                            movzx eax, word ptr [ebp+00h]
                                                                                                                                                                                                            Programming Language:
                                                                                                                                                                                                            • [ C ] VS98 (6.0) build 8168
                                                                                                                                                                                                            • [ C ] VS98 (6.0) SP6 build 8804
                                                                                                                                                                                                            • [C++] VS98 (6.0) SP6 build 8804
                                                                                                                                                                                                            • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84558 | 0xf0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa5000 | 0x1fb000 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1fa72fb0 | 0x5a70 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x766a0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x76000 | 0x6a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x74635 | 0x75000 | 0e91eaf0e1ec28067ac66d5eda21584b | False | 0.4940342047275641 | data | 6.415125818898333 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x76000 | 0x1092a | 0x11000 | 203508c781e56323d4344e29f076e797 | False | 0.44251206341911764 | data | 5.524289878699602 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x87000 | 0x1de68 | 0x14000 | 4e792c5bfd3d1d083c9131531a86ecf5 | False | 0.23115234375 | data | 3.715844750313918 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xa5000 | 0x1fb000 | 0x1fb000 | ff03a263e69f284dcb676c66b5505962 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x153978 | 0x8ac | Targa image data - Map 64 x 65536 x 1 +32 "\010" | German | Germany | 0.26666666666666666
RT_ICON | 0xac2a0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | German | Germany | 0.23054371002132196
RT_ICON | 0xad148 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | German | Germany | 0.27120938628158847
RT_ICON | 0xad9f0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | German | Germany | 0.2834101382488479
RT_ICON | 0xae0b8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | German | Germany | 0.2615606936416185
RT_ICON | 0xae620 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | German | Germany | 0.23568464730290456
RT_ICON | 0xb0bc8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | German | Germany | 0.2947936210131332
RT_ICON | 0xb1c70 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | German | Germany | 0.3622950819672131
RT_ICON | 0xb25f8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | German | Germany | 0.5212765957446809
RT_ICON | 0xb2ad8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | German | Germany | 0.5699458483754513
RT_ICON | 0xb3380 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | German | Germany | 0.3511560693641618
RT_ICON | 0xb38e8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | German | Germany | 0.46669793621013134
RT_ICON | 0xb4990 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | German | Germany | 0.6675531914893617
                                                                                                                                                                                                            RT_ICON0xb4e380x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.18128517823639775
                                                                                                                                                                                                            RT_ICON0xb5ee00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.2624113475177305
                                                                                                                                                                                                            RT_ICON0xb63700x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.09386281588447654
                                                                                                                                                                                                            RT_ICON0xb6c180x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.10368663594470046
                                                                                                                                                                                                            RT_ICON0xb72e00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.49421965317919075
                                                                                                                                                                                                            RT_ICON0xb78480x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.1571294559099437
                                                                                                                                                                                                            RT_ICON0xb88f00x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.2098360655737705
                                                                                                                                                                                                            RT_ICON0xb92780x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.24911347517730498
                                                                                                                                                                                                            RT_ICON0xb97400x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.22788808664259927
                                                                                                                                                                                                            RT_ICON0xb9fe80x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.2171658986175115
                                                                                                                                                                                                            RT_ICON0xba6b00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.20158959537572255
                                                                                                                                                                                                            RT_ICON0xbac180x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.17190431519699811
                                                                                                                                                                                                            RT_ICON0xbbcc00x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.2278688524590164
                                                                                                                                                                                                            RT_ICON0xbc6480x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.2765957446808511
                                                                                                                                                                                                            RT_ICON0xbcb100x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.15072202166064982
                                                                                                                                                                                                            RT_ICON0xbd3b80x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.13536866359447006
                                                                                                                                                                                                            RT_ICON0xbda800x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.1430635838150289
                                                                                                                                                                                                            RT_ICON0xbdfe80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.13180112570356473
                                                                                                                                                                                                            RT_ICON0xbf0900x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.16598360655737704
                                                                                                                                                                                                            RT_ICON0xbfa180x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.20656028368794327
                                                                                                                                                                                                            RT_ICON0xbfee00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.18637184115523467
                                                                                                                                                                                                            RT_ICON0xc07880x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.12960829493087558
                                                                                                                                                                                                            RT_ICON0xc0e500x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.13222543352601157
                                                                                                                                                                                                            RT_ICON0xc13b80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.13227016885553472
                                                                                                                                                                                                            RT_ICON0xc24600x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.16598360655737704
                                                                                                                                                                                                            RT_ICON0xc2de80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.20124113475177305
                                                                                                                                                                                                            RT_ICON0xc32b00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.06814079422382671
                                                                                                                                                                                                            RT_ICON0xc3b580x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.0748847926267281
                                                                                                                                                                                                            RT_ICON0xc42200x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.4819364161849711
                                                                                                                                                                                                            RT_ICON0xc47880x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.1125703564727955
                                                                                                                                                                                                            RT_ICON0xc58300x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.14959016393442623
                                                                                                                                                                                                            RT_ICON0xc61b80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.16843971631205673
                                                                                                                                                                                                            RT_ICON0xc66800x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.753158844765343
                                                                                                                                                                                                            RT_ICON0xc6f280x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.7880184331797235
                                                                                                                                                                                                            RT_ICON0xc75f00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.44653179190751446
                                                                                                                                                                                                            RT_ICON0xc7b580x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.5823170731707317
                                                                                                                                                                                                            RT_ICON0xc8c000x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.7204918032786886
                                                                                                                                                                                                            RT_ICON0xc95880x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.5726950354609929
                                                                                                                                                                                                            RT_ICON0xc9a500x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.753158844765343
                                                                                                                                                                                                            RT_ICON0xca2f80x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.7880184331797235
                                                                                                                                                                                                            RT_ICON0xca9c00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.5390173410404624
                                                                                                                                                                                                            RT_ICON0xcaf280x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.5823170731707317
                                                                                                                                                                                                            RT_ICON0xcbfd00x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.7204918032786886
                                                                                                                                                                                                            RT_ICON0xcc9580x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.6462765957446809
                                                                                                                                                                                                            RT_ICON0xcce200x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.21931407942238268
                                                                                                                                                                                                            RT_ICON0xcd6c80x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.2056451612903226
                                                                                                                                                                                                            RT_ICON0xcdd900x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.18713872832369943
                                                                                                                                                                                                            RT_ICON0xce2f80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.17331144465290807
                                                                                                                                                                                                            RT_ICON0xcf3a00x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.22254098360655739
                                                                                                                                                                                                            RT_ICON0xcfd280x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.2624113475177305
                                                                                                                                                                                                            RT_ICON0xd01f00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.7739169675090253
                                                                                                                                                                                                            RT_ICON0xd0a980x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.6625722543352601
                                                                                                                                                                                                            RT_ICON0xd10000x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.6402439024390244
                                                                                                                                                                                                            RT_ICON0xd20a80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.7872340425531915
                                                                                                                                                                                                            RT_ICON0xd25500x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.644404332129964
                                                                                                                                                                                                            RT_ICON0xd2df80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.5874277456647399
                                                                                                                                                                                                            RT_ICON0xd33600x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.48592870544090055
                                                                                                                                                                                                            RT_ICON0xd44080x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.6382978723404256
                                                                                                                                                                                                            RT_ICON0xd48b00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.6723826714801444
                                                                                                                                                                                                            RT_ICON0xd51580x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.4060693641618497
                                                                                                                                                                                                            RT_ICON0xd56c00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.4638836772983114
                                                                                                                                                                                                            RT_ICON0xd67680x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.6436170212765957
                                                                                                                                                                                                            RT_ICON0xd6c100x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.2305956678700361
                                                                                                                                                                                                            RT_ICON0xd74b80x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.25057603686635943
                                                                                                                                                                                                            RT_ICON0xd7b800x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.217485549132948
                                                                                                                                                                                                            RT_ICON0xd80e80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.16955909943714823
                                                                                                                                                                                                            RT_ICON0xd91900x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.23770491803278687
                                                                                                                                                                                                            RT_ICON0xd9b180x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.3191489361702128
                                                                                                                                                                                                            RT_ICON0xd9fe00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.22202166064981949
                                                                                                                                                                                                            RT_ICON0xda8880x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.1791907514450867
                                                                                                                                                                                                            RT_ICON0xdadf00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.11069418386491557
                                                                                                                                                                                                            RT_ICON0xdbe980x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.3608156028368794
                                                                                                                                                                                                            RT_ICON0xdc3400x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.29783393501805056
                                                                                                                                                                                                            RT_ICON0xdcbe80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.2796242774566474
                                                                                                                                                                                                            RT_ICON0xdd1500x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.26313320825515946
                                                                                                                                                                                                            RT_ICON0xde1f80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.43351063829787234
                                                                                                                                                                                                            RT_ICON0xde6a00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.2666967509025271
                                                                                                                                                                                                            RT_ICON0xdef480x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.30184331797235026
                                                                                                                                                                                                            RT_ICON0xdf6100x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.26011560693641617
                                                                                                                                                                                                            RT_ICON0xdfb780x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.16088180112570358
                                                                                                                                                                                                            RT_ICON0xe0c200x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.23442622950819672
                                                                                                                                                                                                            RT_ICON0xe15a80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.3191489361702128
                                                                                                                                                                                                            RT_ICON0xe1a700x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.2111913357400722
                                                                                                                                                                                                            RT_ICON0xe23180x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.21313364055299538
                                                                                                                                                                                                            RT_ICON0x1206e80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.6493682310469314
                                                                                                                                                                                                            RT_ICON0x120f900x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.4291907514450867
                                                                                                                                                                                                            RT_ICON0x1214f80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.6836303939962477
                                                                                                                                                                                                            RT_ICON0x1225a00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.7801418439716312
                                                                                                                                                                                                            RT_ICON0x122a480x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.6001805054151624
                                                                                                                                                                                                            RT_ICON0x1232f00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.4407514450867052
                                                                                                                                                                                                            RT_ICON0x1238580x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.3728893058161351
                                                                                                                                                                                                            RT_ICON0x1249000x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.4627659574468085
                                                                                                                                                                                                            RT_ICON0x124da80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.31498194945848373
                                                                                                                                                                                                            RT_ICON0x1256500x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.2903225806451613
                                                                                                                                                                                                            RT_ICON0x125d180x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.29624277456647397
                                                                                                                                                                                                            RT_ICON0x1262800x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.21177298311444653
                                                                                                                                                                                                            RT_ICON0x1273280x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.25901639344262295
                                                                                                                                                                                                            RT_ICON0x127cb00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.3803191489361702
                                                                                                                                                                                                            RT_ICON0x1281780x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.19133574007220217
                                                                                                                                                                                                            RT_ICON0x128a200x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.18778801843317972
                                                                                                                                                                                                            RT_ICON0x1290e80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.16835260115606937
                                                                                                                                                                                                            RT_ICON0x1296500x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.1622889305816135
                                                                                                                                                                                                            RT_ICON0x12a6f80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.2569672131147541
                                                                                                                                                                                                            RT_ICON0x12b0800x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.3173758865248227
                                                                                                                                                                                                            RT_ICON0x12b5480x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.2648916967509025
                                                                                                                                                                                                            RT_ICON0x12bdf00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.2574884792626728
                                                                                                                                                                                                            RT_ICON0x12c4b80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.24060693641618497
                                                                                                                                                                                                            RT_ICON0x12ca200x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.21599437148217637
                                                                                                                                                                                                            RT_ICON0x12dac80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.2360655737704918
                                                                                                                                                                                                            RT_ICON0x12e4500x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.35106382978723405
                                                                                                                                                                                                            RT_ICON0x12e9180x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.16064981949458484
                                                                                                                                                                                                            RT_ICON0x12f1c00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.17223502304147464
                                                                                                                                                                                                            RT_ICON0x12f8880x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.17052023121387283
                                                                                                                                                                                                            RT_ICON0x12fdf00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.18644465290806755
                                                                                                                                                                                                            RT_ICON0x130e980x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.21475409836065573
                                                                                                                                                                                                            RT_ICON0x1318200x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.34574468085106386
                                                                                                                                                                                                            RT_ICON0x131ce80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152GermanGermany0.26805054151624547
                                                                                                                                                                                                            RT_ICON0x1325900x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.26011560693641617
                                                                                                                                                                                                            RT_ICON0x132af80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.16088180112570358
                                                                                                                                                                                                            RT_ICON0x133ba00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.3191489361702128
                                                                                                                                                                                                            RT_ICON0x1340480x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.6213898916967509
                                                                                                                                                                                                            RT_ICON0x1348f00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.40534682080924855
                                                                                                                                                                                                            RT_ICON0x134e580x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.501641651031895
                                                                                                                                                                                                            RT_ICON0x135f000x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.4849290780141844
                                                                                                                                                                                                            RT_ICON0x1363a80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.14610694183864917
                                                                                                                                                                                                            RT_ICON0x1374500x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.17131147540983607
                                                                                                                                                                                                            RT_ICON0x137dd80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.2925531914893617
                                                                                                                                                                                                            RT_ICON0x1382700x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0GermanGermany0.150093808630394
                                                                                                                                                                                                            RT_ICON0x1393180x988Device independent bitmap graphic, 24 x 48 x 32, image size 0GermanGermany0.18114754098360655
                                                                                                                                                                                                            RT_ICON0x139ca00x468Device independent bitmap graphic, 16 x 32 x 32, image size 0GermanGermany0.3191489361702128
                                                                                                                                                                                                            RT_ICON0x13a1380x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600GermanGermany0.1037344398340249
                                                                                                                                                                                                            RT_ICON0x13c6e00x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 6720GermanGermany0.1257396449704142
                                                                                                                                                                                                            RT_ICON0x13e1480x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.1573639774859287
                                                                                                                                                                                                            RT_ICON0x13f1f00x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.20532786885245902
                                                                                                                                                                                                            RT_ICON0x13fb780x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680GermanGermany0.24941860465116278
                                                                                                                                                                                                            RT_ICON0x1402300x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.300531914893617
                                                                                                                                                                                                            RT_ICON0x1406f80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.18637184115523467
                                                                                                                                                                                                            RT_ICON0x140fa00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.23329493087557604
                                                                                                                                                                                                            RT_ICON0x1416680x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.17413294797687862
                                                                                                                                                                                                            RT_ICON0x141bd00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.14094746716697937
                                                                                                                                                                                                            RT_ICON0x142c780x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.22581967213114754
                                                                                                                                                                                                            RT_ICON0x1436000x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.26152482269503546
                                                                                                                                                                                                            RT_ICON0x143ac80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.3334837545126354
                                                                                                                                                                                                            RT_ICON0x1443700x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.08352534562211981
                                                                                                                                                                                                            RT_ICON0x144a380x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.4934971098265896
                                                                                                                                                                                                            RT_ICON0x144fa00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.1149155722326454
                                                                                                                                                                                                            RT_ICON0x1460480x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.1971311475409836
                                                                                                                                                                                                            RT_ICON0x1469d00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.2225177304964539
                                                                                                                                                                                                            RT_ICON0x146e980x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.5771660649819494
                                                                                                                                                                                                            RT_ICON0x1477400x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.7095375722543352
                                                                                                                                                                                                            RT_ICON0x147ca80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.22889305816135083
                                                                                                                                                                                                            RT_ICON0x148d500x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.40868794326241137
                                                                                                                                                                                                            RT_ICON0x1491f80x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.19359205776173286
                                                                                                                                                                                                            RT_ICON0x149aa00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.20014450867052022
                                                                                                                                                                                                            RT_ICON0x14a0080x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.15830206378986866
                                                                                                                                                                                                            RT_ICON0x14b0b00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.32890070921985815
                                                                                                                                                                                                            RT_ICON0x14b5580x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.2879061371841155
                                                                                                                                                                                                            RT_ICON0x14be000x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsGermanGermany0.25806451612903225
                                                                                                                                                                                                            RT_ICON0x14c4c80x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.23627167630057805
                                                                                                                                                                                                            RT_ICON0x14ca300x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.1425891181988743
                                                                                                                                                                                                            RT_ICON0x14dad80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400GermanGermany0.18934426229508197
                                                                                                                                                                                                            RT_ICON0x14e4600x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.2641843971631206
                                                                                                                                                                                                            RT_ICON0x14e9280x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.2806859205776173
                                                                                                                                                                                                            RT_ICON0x14f1d00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.2658959537572254
                                                                                                                                                                                                            RT_ICON0x14f7380x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.17073170731707318
                                                                                                                                                                                                            RT_ICON0x1507e00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.37677304964539005
                                                                                                                                                                                                            RT_ICON0x150c880x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsGermanGermany0.5239169675090253
                                                                                                                                                                                                            RT_ICON0x1515300x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsGermanGermany0.45014450867052025
                                                                                                                                                                                                            RT_ICON0x151a980x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224GermanGermany0.34638836772983117
                                                                                                                                                                                                            RT_ICON0x152b400x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088GermanGermany0.5718085106382979
                                                                                                                                                                                                            RT_MENU0x152fe80x284Matlab v4 mat-file (little endian) p, numeric, rows 4391056, columns 5767252GermanGermany0.33229813664596275
| RT_DIALOG | 0xaa910 | 0x42 | data | German | Germany | 0.8484848484848485 |
| RT_DIALOG | 0xaa958 | 0xf2 | data | German | Germany | 0.7024793388429752 |
| RT_DIALOG | 0xaab98 | 0x3ba | data | German | Germany | 0.47064989517819705 |
| RT_DIALOG | 0xaaa50 | 0x142 | data | German | Germany | 0.6180124223602484 |
| RT_DIALOG | 0xab008 | 0x162 | data | German | Germany | 0.6073446327683616 |
| RT_DIALOG | 0xaaf58 | 0xaa | data | German | Germany | 0.7764705882352941 |
| RT_DIALOG | 0xab170 | 0xaa | data | German | Germany | 0.7588235294117647 |
| RT_DIALOG | 0xab220 | 0xae | data | German | Germany | 0.7413793103448276 |
| RT_DIALOG | 0xab2d0 | 0x42 | data | German | Germany | 0.8333333333333334 |
| RT_DIALOG | 0xab318 | 0x102 | data | German | Germany | 0.6821705426356589 |
| RT_DIALOG | 0xab420 | 0xaa | data | German | Germany | 0.7647058823529411 |
| RT_DIALOG | 0xab4d0 | 0x112 | data | German | Germany | 0.6459854014598541 |
| RT_DIALOG | 0xab5e8 | 0xca | data | German | Germany | 0.7178217821782178 |
| RT_DIALOG | 0xab6b8 | 0xb2 | data | German | Germany | 0.7584269662921348 |
| RT_DIALOG | 0xab770 | 0xb2 | data | German | Germany | 0.7584269662921348 |
| RT_DIALOG | 0xab828 | 0x42 | data | German | Germany | 0.8333333333333334 |
| RT_DIALOG | 0xab870 | 0xb2 | data | German | Germany | 0.7528089887640449 |
| RT_DIALOG | 0xab928 | 0xec | data | German | Germany | 0.6949152542372882 |
| RT_DIALOG | 0xaba18 | 0xa6 | data | German | Germany | 0.7650602409638554 |
| RT_DIALOG | 0xabac0 | 0x292 | data | German | Germany | 0.5121580547112462 |
| RT_DIALOG | 0xabd58 | 0x17a | data | German | Germany | 0.5502645502645502 |
| RT_DIALOG | 0xabed8 | 0xaa | data | German | Germany | 0.7647058823529411 |
| RT_DIALOG | 0xabf88 | 0x15e | data | German | Germany | 0.62 |
| RT_DIALOG | 0xac0e8 | 0x1b6 | data | German | Germany | 0.5296803652968036 |
| RT_STRING | 0x180a38 | 0x292 | data | Arabic | Saudi Arabia | 0.506079027355623 |
| RT_STRING | 0x17c128 | 0x2b8 | data | Czech | Czech Republic | 0.507183908045977 |
| RT_STRING | 0x177ed0 | 0x288 | data | German | Germany | 0.4691358024691358 |
| RT_STRING | 0x17d1d0 | 0x324 | data | Greek | Greece | 0.5149253731343284 |
| RT_STRING | 0x178728 | 0x23e | data | English | United States | 0.5104529616724739 |
| RT_STRING | 0x178e80 | 0x2ca | data | Spanish | Spain | 0.4565826330532213 |
| RT_STRING | 0x1796e0 | 0x324 | data | French | France | 0.4490049751243781 |
| RT_STRING | 0x17a0c8 | 0x296 | data | Italian | Italy | 0.48036253776435045 |
| RT_STRING | 0x17e348 | 0x198 | data | Japanese | Japan | 0.7401960784313726 |
| RT_STRING | 0x17a920 | 0x2b8 | data | Dutch | Netherlands | 0.46551724137931033 |
| RT_STRING | 0x17b1a0 | 0x246 | data | Norwegian | Norway | 0.4948453608247423 |
| RT_STRING | 0x17db10 | 0x2ba | data | Polish | Poland | 0.4699140401146132 |
| RT_STRING | 0x17f1a0 | 0x2a6 | data | Portuguese | Brazil | 0.4970501474926254 |
| RT_STRING | 0x17e968 | 0x29e | data | Russian | Russia | 0.5283582089552239 |
| RT_STRING | 0x17b908 | 0x2a4 | data | Swedish | Sweden | 0.45710059171597633 |
| RT_STRING | 0x17c978 | 0x2be | data | Turkish | Turkey | 0.50997150997151 |
| RT_STRING | 0x17f9c0 | 0x29c | data | Ukrainian | Ukrain | 0.5224550898203593 |
| RT_STRING | 0x1801f0 | 0x2ca | data | Slovenian | Slovenia | 0.47759103641456585 |
| RT_STRING | 0x180cd0 | 0x2c2 | data | Arabic | Saudi Arabia | 0.4405099150141643 |
| RT_STRING | 0x17c3e0 | 0x276 | data | Czech | Czech Republic | 0.5126984126984127 |
| RT_STRING | 0x178158 | 0x2be | data | German | Germany | 0.48575498575498577 |
| RT_STRING | 0x17d4f8 | 0x2e0 | data | Greek | Greece | 0.5027173913043478 |
| RT_STRING | 0x178968 | 0x238 | data | English | United States | 0.5105633802816901 |
| RT_STRING | 0x179150 | 0x2ae | data | Spanish | Spain | 0.4650145772594752 |
| RT_STRING | 0x179a08 | 0x370 | data | French | France | 0.42727272727272725 |
| RT_STRING | 0x17a360 | 0x29c | data | Italian | Italy | 0.4535928143712575 |
| RT_STRING | 0x17e4e0 | 0x1a2 | data | Japanese | Japan | 0.6913875598086124 |
| RT_STRING | 0x17abd8 | 0x2ce | data | Dutch | Netherlands | 0.4401114206128134 |
| RT_STRING | 0x17b3e8 | 0x240 | data | Norwegian | Norway | 0.5069444444444444 |
| RT_STRING | 0x17ddd0 | 0x296 | data | Polish | Poland | 0.5060422960725075 |
| RT_STRING | 0x17f448 | 0x296 | data | Portuguese | Brazil | 0.48338368580060426 |
| RT_STRING | 0x17ec08 | 0x2aa | data | Russian | Russia | 0.4868035190615836 |
| RT_STRING | 0x17bbb0 | 0x292 | data | Swedish | Sweden | 0.49848024316109424 |
| RT_STRING | 0x17cc38 | 0x2b4 | data | Turkish | Turkey | 0.5072254335260116 |
| RT_STRING | 0x17fc60 | 0x2aa | data | Ukrainian | Ukrain | 0.4912023460410557 |
| RT_STRING | 0x1804c0 | 0x278 | data | Slovenian | Slovenia | 0.49683544303797467 |
| RT_STRING | 0x180f98 | 0x2d4 | data | Arabic | Saudi Arabia | 0.4986187845303867 |
| RT_STRING | 0x17c658 | 0x2ea | data | Czech | Czech Republic | 0.5013404825737265 |
| RT_STRING | 0x178418 | 0x2d2 | data | German | Germany | 0.4986149584487535 |
| RT_STRING | 0x17d7d8 | 0x306 | data | Greek | Greece | 0.5465116279069767 |
| RT_STRING | 0x178ba0 | 0x2aa | data | English | United States | 0.49266862170087977 |
| RT_STRING | 0x179400 | 0x2aa | data | Spanish | Spain | 0.49266862170087977 |
| RT_STRING | 0x179d78 | 0x31c | data | French | France | 0.4748743718592965 |
| RT_STRING | 0x17a600 | 0x2ec | data | Italian | Italy | 0.4786096256684492 |
| RT_STRING | 0x17e688 | 0x2aa | data | Japanese | Japan | 0.49266862170087977 |
| RT_STRING | 0x17aea8 | 0x2c4 | data | Dutch | Netherlands | 0.4971751412429379 |
| RT_STRING | 0x17b628 | 0x2aa | data | Norwegian | Norway | 0.49266862170087977 |
| RT_STRING | 0x17e068 | 0x2aa | data | Polish | Poland | 0.49266862170087977 |
| RT_STRING | 0x17f6e0 | 0x2aa | data | Portuguese | Brazil | 0.49266862170087977 |
| RT_STRING | 0x17eeb8 | 0x2b6 | data | Russian | Russia | 0.5288184438040345 |
| RT_STRING | 0x17be48 | 0x2aa | data | Swedish | Sweden | 0.49266862170087977 |
| RT_STRING | 0x17cef0 | 0x2aa | data | Turkish | Turkey | 0.49266862170087977 |
| RT_STRING | 0x17ff10 | 0x2b0 | data | Ukrainian | Ukrain | 0.5130813953488372 |
| RT_STRING | 0x180738 | 0x2d0 | data | Slovenian | Slovenia | 0.4930555555555556 |
| RT_STRING | 0x181270 | 0x2e | data | Arabic | Saudi Arabia | 0.5217391304347826 |
| RT_STRING | 0x17c948 | 0x2e | data | Czech | Czech Republic | 0.5217391304347826 |
| RT_STRING | 0x1786f0 | 0x32 | data | German | Germany | 0.54 |
| RT_STRING | 0x17dae0 | 0x2e | data | Greek | Greece | 0.5217391304347826 |
| RT_STRING | 0x178e50 | 0x2e | data | English | United States | 0.5217391304347826 |
| RT_STRING | 0x1796b0 | 0x2e | data | Spanish | Spain | 0.5217391304347826 |
| RT_STRING | 0x17a098 | 0x2e | data | French | France | 0.5217391304347826 |
| RT_STRING | 0x17a8f0 | 0x2e | data | Italian | Italy | 0.5217391304347826 |
| RT_STRING | 0x17e938 | 0x2e | data | Japanese | Japan | 0.5217391304347826 |
| RT_STRING | 0x17b170 | 0x2e | data | Dutch | Netherlands | 0.5217391304347826 |
| RT_STRING | 0x17b8d8 | 0x2e | data | Norwegian | Norway | 0.5217391304347826 |
| RT_STRING | 0x17e318 | 0x2e | data | Polish | Poland | 0.5217391304347826 |
| RT_STRING | 0x17f990 | 0x2e | data | Portuguese | Brazil | 0.5217391304347826 |
| RT_STRING | 0x17f170 | 0x2e | data | Russian | Russia | 0.5217391304347826 |
| RT_STRING | 0x17c0f8 | 0x2e | data | Swedish | Sweden | 0.5217391304347826 |
| RT_STRING | 0x17d1a0 | 0x2e | data | Turkish | Turkey | 0.5217391304347826 |
| RT_STRING | 0x1801c0 | 0x2e | data | Ukrainian | Ukrain | 0.5217391304347826 |
| RT_STRING | 0x180a08 | 0x2e | data | Slovenian | Slovenia | 0.5217391304347826 |
| RT_RCDATA | 0x15b8e8 | 0x1c5e8 | PE32 executable (DLL) (console) Intel 80386, for MS Windows | Arabic | Saudi Arabia | 0.5537779690189328 |
| RT_GROUP_CURSOR | 0x154228 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | German | Germany | 1.3 |
| RT_GROUP_ICON | 0xb2a60 | 0x76 | data | German | Germany | 0.6610169491525424 |
| RT_GROUP_ICON | 0xb4df8 | 0x3e | data | German | Germany | 0.8064516129032258 |
| RT_GROUP_ICON | 0xb6348 | 0x22 | data | German | Germany | 1.0588235294117647 |
| RT_GROUP_ICON | 0xb96e0 | 0x5a | data | German | Germany | 0.7555555555555555 |
| RT_GROUP_ICON | 0xbcab0 | 0x5a | data | German | Germany | 0.7555555555555555 |
| RT_GROUP_ICON | 0xbfe80 | 0x5a | data | German | Germany | 0.7444444444444445 |
| RT_GROUP_ICON | 0xc3250 | 0x5a | data | German | Germany | 0.7555555555555555 |
| RT_GROUP_ICON | 0xc6620 | 0x5a | data | German | Germany | 0.7666666666666667 |
| RT_GROUP_ICON | 0xc99f0 | 0x5a | data | German | Germany | 0.7666666666666667 |
| RT_GROUP_ICON | 0xccdc0 | 0x5a | data | German | Germany | 0.7666666666666667 |
| RT_GROUP_ICON | 0xd0190 | 0x5a | data | German | Germany | 0.7666666666666667 |
| RT_GROUP_ICON | 0xd2510 | 0x3e | data | German | Germany | 0.8387096774193549 |
| RT_GROUP_ICON | 0xd4870 | 0x3e | data | German | Germany | 0.8387096774193549 |
| RT_GROUP_ICON | 0xd6bd0 | 0x3e | data | German | Germany | 0.8387096774193549 |
| RT_GROUP_ICON | 0xd9f80 | 0x5a | data | German | Germany | 0.7666666666666667 |
| RT_GROUP_ICON | 0xdc300 | 0x3e | data | German | Germany | 0.8387096774193549 |
| RT_GROUP_ICON | 0xde660 | 0x3e | data | German | Germany | 0.8387096774193549 |
| RT_GROUP_ICON | 0xe1a10 | 0x5a | data | German | Germany | 0.7666666666666667 |
| RT_GROUP_ICON | 0xe4de0 | 0x5a | data | German | Germany | 0.7666666666666667 |
| RT_GROUP_ICON | 0xe7160 | 0x3e | data | German | Germany | 0.8064516129032258 |
| RT_GROUP_ICON | 0xe94c0 | 0x3e | data | German | Germany | 0.8064516129032258 |
| RT_GROUP_ICON | 0xeb820 | 0x3e | data | German | Germany | 0.8225806451612904 |
| RT_GROUP_ICON | 0xedb80 | 0x3e | data | German | Germany | 0.8225806451612904 |
| RT_GROUP_ICON | 0xefee0 | 0x3e | data | German | Germany | 0.8387096774193549 |
| RT_GROUP_ICON | 0xf2240 | 0x3e | data | German | Germany | 0.8387096774193549 |
| RT_GROUP_ICON | 0xf55f0 | 0x5a | data | German | Germany | 0.7666666666666667 |
| RT_GROUP_ICON | 0xf7970 | 0x3e | data | German | Germany | 0.8387096774193549 |
| RT_GROUP_ICON | 0xf9cd0 | 0x3e | data | German | Germany | 0.8387096774193549 |
| RT_GROUP_ICON | 0xfc030 | 0x3e | data | German | Germany | 0.8387096774193549 |
| RT_GROUP_ICON | 0xfe390 | 0x3e | data | German | Germany | 0.8387096774193549 |
| RT_GROUP_ICON | 0x101740 | 0x5a | data | German | Germany | 0.7666666666666667 |
| RT_GROUP_ICON | 0x103ac0 | 0x3e | data | German | Germany | 0.8387096774193549 |
| RT_GROUP_ICON | 0x106e70 | 0x5a | data | German | Germany | 0.7666666666666667 |
| RT_GROUP_ICON | 0x108d68 | 0x30 | data | German | Germany | 0.9583333333333334 |
| RT_GROUP_ICON | 0x10ac30 | 0x30 | data | German | Germany | 0.9583333333333334 |
| RT_GROUP_ICON | 0x10cf80 | 0x3e | data | German | Germany | 0.8064516129032258 |
| RT_GROUP_ICON | 0x10f2e0 | 0x3e | data | German | Germany | 0.8225806451612904 |
                                                                                                                                                                                                            RT_GROUP_ICON0x1126900x5adataGermanGermany0.7666666666666667
                                                                                                                                                                                                            RT_GROUP_ICON0x115a600x5adataGermanGermany0.7666666666666667
                                                                                                                                                                                                            RT_GROUP_ICON0x1168d00x22dataGermanGermany1.0588235294117647
                                                                                                                                                                                                            RT_GROUP_ICON0x118c180x3edataGermanGermany0.8387096774193549
                                                                                                                                                                                                            RT_GROUP_ICON0x11af780x3edataGermanGermany0.8387096774193549
                                                                                                                                                                                                            RT_GROUP_ICON0x11e3280x5adataGermanGermany0.7555555555555555
                                                                                                                                                                                                            RT_GROUP_ICON0x1206a80x3edataGermanGermany0.8387096774193549
                                                                                                                                                                                                            RT_GROUP_ICON0x122a080x3edataGermanGermany0.8387096774193549
                                                                                                                                                                                                            RT_GROUP_ICON0x124d680x3edataGermanGermany0.8387096774193549
                                                                                                                                                                                                            RT_GROUP_ICON0x1281180x5adataGermanGermany0.7666666666666667
                                                                                                                                                                                                            RT_GROUP_ICON0x12b4e80x5adataGermanGermany0.7666666666666667
                                                                                                                                                                                                            RT_GROUP_ICON0x12e8b80x5adataGermanGermany0.7666666666666667
                                                                                                                                                                                                            RT_GROUP_ICON0x131c880x5adataGermanGermany0.7666666666666667
                                                                                                                                                                                                            RT_GROUP_ICON0x1340080x3edataGermanGermany0.8387096774193549
                                                                                                                                                                                                            RT_GROUP_ICON0x1363680x3edataGermanGermany0.8225806451612904
                                                                                                                                                                                                            RT_GROUP_ICON0x1382400x30dataGermanGermany0.9583333333333334
                                                                                                                                                                                                            RT_GROUP_ICON0x13a1080x30dataGermanGermany0.9583333333333334
                                                                                                                                                                                                            RT_GROUP_ICON0x1406980x5adataGermanGermany0.7888888888888889
                                                                                                                                                                                                            RT_GROUP_ICON0x143a680x5adataGermanGermany0.7555555555555555
                                                                                                                                                                                                            RT_GROUP_ICON0x146e380x5adataGermanGermany0.7666666666666667
                                                                                                                                                                                                            RT_GROUP_ICON0x1491b80x3edataGermanGermany0.8225806451612904
                                                                                                                                                                                                            RT_GROUP_ICON0x14b5180x3edataGermanGermany0.8387096774193549
                                                                                                                                                                                                            RT_GROUP_ICON0x14e8c80x5adataGermanGermany0.7666666666666667
                                                                                                                                                                                                            RT_GROUP_ICON0x150c480x3edataGermanGermany0.8225806451612904
                                                                                                                                                                                                            RT_GROUP_ICON0x152fa80x3edataGermanGermany0.8387096774193549
                                                                                                                                                                                                            RT_VERSION0xaa5400x3ccdataGermanGermany0.4444444444444444
                                                                                                                                                                                                            RT_HTML0x154e480x407GIF image data, version 89a, 32 x 32GermanGermany0.33365664403491757
                                                                                                                                                                                                            RT_HTML0x1548900x5b8GIF image data, version 89a, 128 x 95GermanGermany0.6263661202185792
                                                                                                                                                                                                            RT_HTML0x1542400x64bHTML document, ASCII text, with CRLF line terminatorsGermanGermany0.41402855369335817
                                                                                                                                                                                                            RT_HTML0x1552500x420HTML document, ASCII text, with CRLF line terminatorsGermanGermany0.5113636363636364
                                                                                                                                                                                                            RT_HTML0x1556700x10eASCII text, with CRLF line terminatorsGermanGermany0.6111111111111112
                                                                                                                                                                                                            RT_HTML0x1557800x9baPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.004417670682731
                                                                                                                                                                                                            RT_HTML0x1561400x2a4PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.0118343195266273
                                                                                                                                                                                                            RT_HTML0x1563e80x1bfPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.0246085011185682
                                                                                                                                                                                                            RT_HTML0x1565a80x612PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.007078507078507
                                                                                                                                                                                                            RT_HTML0x156bc00x670PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.0066747572815533
                                                                                                                                                                                                            RT_HTML0x1572300x2bePNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.0156695156695157
                                                                                                                                                                                                            RT_HTML0x1574f00x383PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.0122358175750834
                                                                                                                                                                                                            RT_HTML0x1578780x366PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.0126436781609196
                                                                                                                                                                                                            RT_HTML0x157be00x636PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.0069182389937108
                                                                                                                                                                                                            RT_HTML0x1582180x546PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.0081481481481482
                                                                                                                                                                                                            RT_HTML0x1587600x1e1PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.022869022869023
                                                                                                                                                                                                            RT_HTML0x1589480x52cPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.008308157099698
                                                                                                                                                                                                            RT_HTML0x158e780x71bPNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.006047278724574
                                                                                                                                                                                                            RT_HTML0x1595980x431PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.0102516309412861
                                                                                                                                                                                                            RT_HTML0x1599d00x705PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.0061213132999443
                                                                                                                                                                                                            RT_HTML0x15a0d80x569PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.007942238267148
                                                                                                                                                                                                            RT_HTML0x15a6480x955PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.0046044370029301
                                                                                                                                                                                                            RT_HTML0x15afa00x569PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.007942238267148
                                                                                                                                                                                                            RT_HTML0x15b5100x3d7PNG image data, 32 x 32, 8-bit/color RGBA, non-interlacedGermanGermany1.0111902339776195
                                                                                                                                                                                                            RT_MANIFEST0x1532700x701XML 1.0 document, ASCII text, with CRLF line terminatorsGermanGermany0.403792526491913
DLL | Import
KERNEL32.dll | CreateEventW, SetEvent, ResetEvent, WaitForMultipleObjectsEx, FileTimeToSystemTime, FileTimeToLocalFileTime, SystemTimeToFileTime, GetSystemTime, GetLocalTime, LocalFileTimeToFileTime, GetDateFormatW, GetTimeFormatW, GetFileAttributesW, GetFileSize, FindClose, FindFirstFileW, CreateFileW, GetCurrentDirectoryW, GetTempPathW, GetCurrentProcess, GetSystemDirectoryW, GetWindowsDirectoryW, SetFileAttributesW, CreateDirectoryW, MoveFileW, FindNextFileW, WritePrivateProfileStringW, GetShortPathNameW, MoveFileExW, RemoveDirectoryW, ReadFile, WriteFile, FlushFileBuffers, UnmapViewOfFile, SetFilePointer, SetEndOfFile, MapViewOfFile, CreateFileMappingW, OpenFileMappingW, SetFileTime, LocalFree, GetCurrentProcessId, TerminateProcess, SetEnvironmentVariableW, GetEnvironmentVariableW, CreateMutexW, FormatMessageW, GlobalUnlock, GlobalLock, SetLastError, GetModuleFileNameW, LocalAlloc, LockResource, SizeofResource, LoadResource, FindResourceExW, MulDiv, GlobalFree, GlobalAlloc, GetCommandLineW, GetSystemDefaultLangID, GetUserDefaultLangID, GetThreadSelectorEntry, GetVersionExA, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, QueryPerformanceFrequency, QueryPerformanceCounter, GetVersionExW, GetPrivateProfileStringW, GetVolumeInformationW, GetModuleFileNameA, lstrcpyA, GetTimeZoneInformation, GetVersion, SetFileAttributesA, CreateFileA, GetVolumeInformationA, GetFullPathNameA, FindFirstFileA, FindNextFileA, SetVolumeLabelA, lstrlenA, GetDriveTypeA, GetLocaleInfoA, GetFileAttributesA, GetFileTime, FileTimeToDosDateTime, RtlUnwind, HeapFree, HeapAlloc, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, ExitProcess, HeapReAlloc, RaiseException, TlsSetValue, TlsAlloc, TlsGetValue, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, HeapSize, LCMapStringA, LCMapStringW, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, CompareStringA, GetStringTypeA, GetStringTypeW, GetCPInfo, GetACP, GetOEMCP, IsBadReadPtr, IsBadCodePtr, LoadLibraryA, SetStdHandle, SetEnvironmentVariableA, DeleteFileW, GetExitCodeThread, TerminateThread, CreateThread, OpenProcess, GetModuleHandleW, CloseHandle, GetProcAddress, FreeLibrary, SetErrorMode, LoadLibraryW, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, GetThreadLocale, GetStringTypeExW, CompareStringW, MultiByteToWideChar, DeleteFileA, CreateDirectoryA, GetCurrentDirectoryA, SetUnhandledExceptionFilter, GetCurrentThreadId, ExitThread, ExpandEnvironmentStringsW, GetLocaleInfoW, GetTickCount, GetLastError, lstrlenW, Sleep
USER32.dll | PtInRect, AdjustWindowRectEx, CreateIconIndirect, GetDC, ReleaseDC, FrameRect, DrawFocusRect, RegisterWindowMessageW, EqualRect, EndPaint, DrawEdge, BeginPaint, CopyRect, DrawMenuBar, SetMenu, RemoveMenu, GetMenuItemCount, GetWindowDC, GetMenu, RegisterClipboardFormatW, GetDlgCtrlID, GetSysColorBrush, DrawFrameControl, RegisterClassExW, LoadIconW, LoadAcceleratorsW, IsDialogMessageW, TranslateAcceleratorW, TranslateMDISysAccel, GetMessageW, DefFrameProcW, DefWindowProcW, SetMenuInfo, SetMenuItemInfoW, GetMenuItemInfoW, InsertMenuItemW, DeleteMenu, GetSubMenu, LoadMenuW, LoadMenuIndirectW, CreatePopupMenu, DestroyMenu, TrackPopupMenu, GetMenuState, SetMenuDefaultItem, WindowFromPoint, LoadBitmapW, GetWindowTextLengthW, OemToCharA, CharToOemA, ScreenToClient, FillRect, IsDlgButtonChecked, CheckDlgButton, GetDlgItem, InvalidateRect, MapWindowPoints, GetKeyState, SetDlgItemTextW, LoadCursorW, SetCursor, AttachThreadInput, UnhookWindowsHookEx, SetWindowsHookExW, IsWindowVisible, IsWindow, EnumWindows, GetDesktopWindow, GetWindowLongW, GetClassNameW, GetWindowTextW, GetParent, GetClassLongW, MsgWaitForMultipleObjects, PeekMessageW, PostQuitMessage, MsgWaitForMultipleObjectsEx, MoveWindow, SetFocus, CreateWindowExW, SetClassLongW, GetForegroundWindow, CharNextW, PostMessageW, CallNextHookEx, SendMessageW, RedrawWindow, EndDialog, DestroyWindow, CreateDialogIndirectParamW, CreateDialogParamW, DialogBoxIndirectParamW, DialogBoxParamW, UpdateWindow, LoadStringW, MapDialogRect, BringWindowToTop, SetForegroundWindow, keybd_event, SetActiveWindow, GetFocus, SetWindowPlacement, GetDoubleClickTime, GetWindowThreadProcessId, ShowWindow, KillTimer, SystemParametersInfoW, GetWindowRect, SetWindowPos, GetClientRect, TranslateMessage, DispatchMessageW, DrawIconEx, DestroyIcon, DrawTextW, CopyIcon, GetSystemMetrics, LoadImageW, SendDlgItemMessageW, SetTimer, EnableWindow, GetDlgItemTextW, SetWindowTextW, GetMessagePos, GetCapture, ReleaseCapture, InflateRect, SetCapture, GetCursorPos, GetSysColor, CallWindowProcW, GetPropW, SetPropW, RemovePropW, SetWindowLongW, GetWindowPlacement, MessageBoxW, GetWindow
GDI32.dll | CreateCompatibleDC, Ellipse, BitBlt, StretchBlt, SelectObject, SetTextColor, SetBkMode, GetObjectW, SetStretchBltMode, CreateSolidBrush, CreateDIBSection, CreateCompatibleBitmap, DeleteDC, DeleteObject, GetStockObject, RoundRect, SetPolyFillMode, ExcludeClipRect, GdiFlush, CreatePen, Polyline, GetPixel, Polygon, GetDeviceCaps, RestoreDC, CreateFontW, GetTextFaceW, GetTextMetricsW, SaveDC, CreateFontIndirectW, EnumFontFamiliesExW, GetTextExtentPoint32W, Rectangle, SetROP2, CreateHatchBrush, GetBkColor, GetTextColor, SetBkColor
ole32.dll | ReleaseStgMedium, CoCreateGuid, CoInitialize, OleSetMenuDescriptor, CoCreateInstance, CoTaskMemAlloc, OleInitialize, OleUninitialize, OleSave, StringFromGUID2, OleRun, CLSIDFromProgID, OleSetContainedObject, CoTaskMemFree, OleDraw, CoUninitialize, CreateStreamOnHGlobal
OLEAUT32.dll | SysAllocString, VariantClear, VariantInit, SysFreeString, VariantChangeType, SafeArrayDestroy, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayCreateVector, SafeArrayCreate, SafeArrayPtrOfIndex
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_GetIcon, ImageList_GetImageCount, ImageList_DrawEx, ImageList_Draw, ImageList_Remove, ImageList_Destroy, ImageList_Create, ImageList_SetBkColor
VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
WINMM.dll | timeGetTime, PlaySoundW
comdlg32.dll | CommDlgExtendedError, GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | CryptGenRandom, CryptAcquireContextW, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDestroyKey, CryptEncrypt, CryptDeriveKey, CryptDecrypt, GetUserNameW, RegSetKeySecurity, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, RegCloseKey, RegDeleteValueW, RegSetValueExW, RegCreateKeyW, RegCreateKeyExW, RegQueryValueExW, RegOpenKeyExW, CryptReleaseContext
SHELL32.dll | DragQueryFileW, SHAppBarMessage, Shell_NotifyIconW, ShellExecuteExW, SHGetMalloc, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetFileInfoW
Description | Data
Comments | http://www.the-sz.com/
CompanyName | the sz development
FileDescription | Howard
FileVersion | 2.09
InternalName | Howard
LegalCopyright | 2013-2025 the sz development. All rights reserved.
LegalTrademarks |
OriginalFilename | Howard.exe
PrivateBuild |
ProductName | the sz development Howard
ProductVersion | 2.09
SpecialBuild | The SZ
Translation | 0x0407 0x04b0
Language of compilation system | Country where language is spoken
German | Germany
Arabic | Saudi Arabia
Czech | Czech Republic
Greek | Greece
English | United States
Spanish | Spain
French | France
Italian | Italy
Japanese | Japan
Dutch | Netherlands
Norwegian | Norway
Polish | Poland
Portuguese | Brazil
Russian | Russia
Swedish | Sweden
Turkish | Turkey
Ukrainian | Ukraine
Slovenian | Slovenia

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-02-14T06:31:23.386495+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 57269 | 95.216.180.186 | 443 | TCP
2025-02-14T06:32:09.825347+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49736 | 95.216.180.186 | 443 | TCP
2025-02-14T06:32:45.777565+0100 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.4 | 49753 | 95.216.180.186 | 443 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.698874950 CET4434974223.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.698915958 CET4434974223.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.698956966 CET4434974223.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.699081898 CET4434974223.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.699292898 CET49742443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.699292898 CET49742443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.699517965 CET49742443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.699563980 CET4434974223.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.712239027 CET49753443192.168.2.495.216.180.186
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.712289095 CET4434975395.216.180.186192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.712368965 CET49753443192.168.2.495.216.180.186
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.712658882 CET49753443192.168.2.495.216.180.186
                                                                                                                                                                                                            Feb 14, 2025 06:32:13.712678909 CET4434975395.216.180.186192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:22.699345112 CET4972480192.168.2.4199.232.214.172
                                                                                                                                                                                                            Feb 14, 2025 06:32:22.704338074 CET8049724199.232.214.172192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:22.704510927 CET4972480192.168.2.4199.232.214.172
                                                                                                                                                                                                            Feb 14, 2025 06:32:45.777565002 CET49753443192.168.2.495.216.180.186
                                                                                                                                                                                                            Feb 14, 2025 06:32:45.778886080 CET49959443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:45.778932095 CET44349959149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:45.779000998 CET49959443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:45.779339075 CET49959443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:45.779360056 CET44349959149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.412554979 CET44349959149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.412638903 CET49959443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.413134098 CET49959443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.413144112 CET44349959149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.414747000 CET49959443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.414757013 CET44349959149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.689749002 CET44349959149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.689784050 CET44349959149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.689825058 CET49959443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.689841986 CET44349959149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.689853907 CET49959443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.689857006 CET44349959149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.689891100 CET49959443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.689910889 CET49959443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.690110922 CET49959443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:46.690124989 CET44349959149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:48.833312035 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:48.833381891 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:48.833466053 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:48.833679914 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:48.833694935 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.458424091 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.458489895 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.459130049 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.459144115 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.461087942 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.461097956 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.937773943 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.937802076 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.937868118 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.937884092 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.937958956 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.937989950 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.937989950 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:49.938025951 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.020287037 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.020368099 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.020381927 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.020427942 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.020453930 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.020458937 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.020486116 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.020507097 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.020792007 CET49980443192.168.2.423.197.127.21
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.020821095 CET4434998023.197.127.21192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.033718109 CET49990443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.033803940 CET44349990149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.033876896 CET49990443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.034105062 CET49990443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.034140110 CET44349990149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.651681900 CET44349990149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.651765108 CET49990443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.658221960 CET49990443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.658246040 CET44349990149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.660505056 CET49990443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.660517931 CET44349990149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.906507015 CET44349990149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.906550884 CET44349990149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.906584978 CET44349990149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.906658888 CET44349990149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.906686068 CET49990443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.906728029 CET49990443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.920315027 CET49990443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:50.920355082 CET44349990149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:51.942239046 CET5725553192.168.2.41.1.1.1
                                                                                                                                                                                                            Feb 14, 2025 06:32:51.947156906 CET53572551.1.1.1192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:51.947263002 CET5725553192.168.2.41.1.1.1
                                                                                                                                                                                                            Feb 14, 2025 06:32:51.947263002 CET5725553192.168.2.41.1.1.1
                                                                                                                                                                                                            Feb 14, 2025 06:32:51.952156067 CET53572551.1.1.1192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:53.765440941 CET53572551.1.1.1192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:53.769421101 CET5725553192.168.2.41.1.1.1
                                                                                                                                                                                                            Feb 14, 2025 06:32:53.774445057 CET53572551.1.1.1192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:53.774504900 CET5725553192.168.2.41.1.1.1
                                                                                                                                                                                                            Feb 14, 2025 06:32:53.872117996 CET57267443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:53.872195959 CET44357267149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:53.872277975 CET57267443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:53.872525930 CET57267443192.168.2.4149.154.167.99
                                                                                                                                                                                                            Feb 14, 2025 06:32:53.872559071 CET44357267149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:54.482054949 CET44357267149.154.167.99192.168.2.4
                                                                                                                                                                                                            Feb 14, 2025 06:32:54.482131004 CET57267443192.168.2.4149.154.167.99
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Feb 14, 2025 06:31:33.951915979 CET | 192.168.2.4 | 1.1.1.1 | 0x1c30 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:31:34.868041992 CET | 192.168.2.4 | 1.1.1.1 | 0xecf7 | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:31:35.855468035 CET | 192.168.2.4 | 1.1.1.1 | 0xecf7 | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:31:36.465002060 CET | 192.168.2.4 | 1.1.1.1 | 0xa8a2 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:10.701705933 CET | 192.168.2.4 | 1.1.1.1 | 0xc50a | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:11.699472904 CET | 192.168.2.4 | 1.1.1.1 | 0xc50a | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:46.691513062 CET | 192.168.2.4 | 1.1.1.1 | 0xacca | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:47.723120928 CET | 192.168.2.4 | 1.1.1.1 | 0xacca | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:48.730654001 CET | 192.168.2.4 | 1.1.1.1 | 0xacca | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:50.938199997 CET | 192.168.2.4 | 1.1.1.1 | 0xbd6 | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:51.933979034 CET | 192.168.2.4 | 1.1.1.1 | 0xbd6 | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:51.947263002 CET | 192.168.2.4 | 1.1.1.1 | 0x1 | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:54.763963938 CET | 192.168.2.4 | 1.1.1.1 | 0xbb3 | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:55.777564049 CET | 192.168.2.4 | 1.1.1.1 | 0xbb3 | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:56.777656078 CET | 192.168.2.4 | 1.1.1.1 | 0xbb3 | Standard query (0) | opbafindi.com | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Feb 14, 2025 06:31:33.961040974 CET | 1.1.1.1 | 192.168.2.4 | 0x1c30 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:31:36.461462021 CET | 1.1.1.1 | 192.168.2.4 | 0xecf7 | Server failure (2) | opbafindi.com | none | none | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:31:36.461482048 CET | 1.1.1.1 | 192.168.2.4 | 0xecf7 | Server failure (2) | opbafindi.com | none | none | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:31:36.473109007 CET | 1.1.1.1 | 192.168.2.4 | 0xa8a2 | No error (0) | steamcommunity.com | | 23.197.127.21 | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:31:37.145186901 CET | 1.1.1.1 | 192.168.2.4 | 0xb207 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:31:37.145186901 CET | 1.1.1.1 | 192.168.2.4 | 0xb207 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:11.568990946 CET | 1.1.1.1 | 192.168.2.4 | 0x3f48 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Feb 14, 2025 06:32:11.568990946 CET | 1.1.1.1 | 192.168.2.4 | 0x3f48 | No error (0) | s-part-0017.t-0009.t-msedge.net | | 13.107.246.45 | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:12.483704090 CET | 1.1.1.1 | 192.168.2.4 | 0xc50a | Server failure (2) | opbafindi.com | none | none | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:12.483719110 CET | 1.1.1.1 | 192.168.2.4 | 0xc50a | Server failure (2) | opbafindi.com | none | none | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:48.831423998 CET | 1.1.1.1 | 192.168.2.4 | 0xacca | Server failure (2) | opbafindi.com | none | none | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:48.831444025 CET | 1.1.1.1 | 192.168.2.4 | 0xacca | Server failure (2) | opbafindi.com | none | none | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:48.831454992 CET | 1.1.1.1 | 192.168.2.4 | 0xacca | Server failure (2) | opbafindi.com | none | none | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:52.685945988 CET | 1.1.1.1 | 192.168.2.4 | 0xbd6 | Server failure (2) | opbafindi.com | none | none | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:53.765440941 CET | 1.1.1.1 | 192.168.2.4 | 0x1 | Server failure (2) | opbafindi.com | none | none | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:56.886151075 CET | 1.1.1.1 | 192.168.2.4 | 0xbb3 | Server failure (2) | opbafindi.com | none | none | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:56.886168957 CET | 1.1.1.1 | 192.168.2.4 | 0xbb3 | Server failure (2) | opbafindi.com | none | none | A (IP address) | IN (0x0001) | false |
| Feb 14, 2025 06:32:56.886177063 CET | 1.1.1.1 | 192.168.2.4 | 0xbb3 | Server failure (2) | opbafindi.com | none | none | A (IP address) | IN (0x0001) | false |
                                                                                                                                                                                                            • t.me
                                                                                                                                                                                                            • steamcommunity.com
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49731 | 149.154.167.99 | 443 | 7504 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                            2025-02-14 05:31:34 UTC86OUTGET /sok33tn HTTP/1.1
                                                                                                                                                                                                            Host: t.me
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
2025-02-14 05:31:34 UTC | 512 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                                                                            Date: Fri, 14 Feb 2025 05:31:34 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Content-Length: 12329
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: stel_ssid=7a0ba467f1b792a039_14834849593679827492; expires=Sat, 15 Feb 2025 05:31:34 GMT; path=/; samesite=None; secure; HttpOnly
                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                            Cache-control: no-store
                                                                                                                                                                                                            X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                            Strict-Transport-Security: max-age=35768000
2025-02-14 05:31:34 UTC | 12329 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @sok33tn</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49733 | 23.197.127.21 | 443 | 7504 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-14 05:31:37 UTC | 119 | OUT | GET /profiles/76561199824159981 HTTP/1.1
                                                                                                                                                                                                            Host: steamcommunity.com
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
2025-02-14 05:31:37 UTC | 1974 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                            Date: Fri, 14 Feb 2025 05:31:37 GMT
                                                                                                                                                                                                            Content-Length: 35607
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: sessionid=c0ba4388df99ed39a956e62f; Path=/; Secure; SameSite=None
                                                                                                                                                                                                            Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; path=/; secure; HttpOnly; SameSite=None
2025-02-14 05:31:37 UTC | 14410 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-02-14 05:31:37 UTC | 10166 | IN | Data Ascii: ttps://steamcommunity.com/discussions/">Discussions</a><a class="submenuitem" href="https://steamcommunity.com/workshop/">Workshop</a><a class="submenuitem" href="https://steamcommunity.com
2025-02-14 05:31:37 UTC | 11031 | IN | Data Ascii: &quot;BASE_URL_SHARED_CDN&quot;:&quot;https:\/\/shared.cloudflare.steamstatic.com\/&quot;,&quot;CLAN_CDN_ASSET_URL&quot;:&quot;https:\/\/clan.cloudflare.steamstatic.com\/&quot;,&quot;SNR&quot;:&quot;2_100300_profile_&quot;}" data-userinfo="[]"></div>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49740 | 149.154.167.99 | 443 | 7504 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-14 05:32:10 UTC | 145 | OUT | GET /sok33tn HTTP/1.1
                                                                                                                                                                                                            Host: t.me
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                            Cookie: stel_ssid=7a0ba467f1b792a039_14834849593679827492
2025-02-14 05:32:10 UTC | 369 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                                                                            Date: Fri, 14 Feb 2025 05:32:10 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Content-Length: 12329
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                            Cache-control: no-store
                                                                                                                                                                                                            X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                            Strict-Transport-Security: max-age=35768000
2025-02-14 05:32:10 UTC | 12329 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @sok33tn</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49742 | 23.197.127.21 | 443 | 7504 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-14 05:32:13 UTC | 215 | OUT | GET /profiles/76561199824159981 HTTP/1.1
                                                                                                                                                                                                            Host: steamcommunity.com
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                            Cookie: sessionid=c0ba4388df99ed39a956e62f; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
2025-02-14 05:32:13 UTC | 1790 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                            Date: Fri, 14 Feb 2025 05:32:13 GMT
                                                                                                                                                                                                            Content-Length: 35607
                                                                                                                                                                                                            Connection: close
2025-02-14 05:32:13 UTC | 14594 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-02-14 05:32:13 UTC | 9982 | IN | Data Ascii: ><a class="submenuitem" href="https://steamcommunity.com/market/">Market</a><a class="submenuitem" href="https://steamcommunity.com/?subsection=broadcasts">Broadcasts</a></div>
2025-02-14 05:32:13 UTC | 11031 | IN | Data Ascii: &quot;BASE_URL_SHARED_CDN&quot;:&quot;https:\/\/shared.cloudflare.steamstatic.com\/&quot;,&quot;CLAN_CDN_ASSET_URL&quot;:&quot;https:\/\/clan.cloudflare.steamstatic.com\/&quot;,&quot;SNR&quot;:&quot;2_100300_profile_&quot;}" data-userinfo="[]"></div>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49959 | 149.154.167.99 | 443 | 7504 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-14 05:32:46 UTC | 145 | OUT | GET /sok33tn HTTP/1.1
                                                                                                                                                                                                            Host: t.me
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                            Cookie: stel_ssid=7a0ba467f1b792a039_14834849593679827492
                                                                                                                                                                                                            2025-02-14 05:32:46 UTC369INHTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx/1.18.0
                                                                                                                                                                                                            Date: Fri, 14 Feb 2025 05:32:46 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Content-Length: 12328
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                            Cache-control: no-store
                                                                                                                                                                                                            X-Frame-Options: ALLOW-FROM https://web.telegram.org
                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors https://web.telegram.org
                                                                                                                                                                                                            Strict-Transport-Security: max-age=35768000
                                                                                                                                                                                                            2025-02-14 05:32:46 UTC12328INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 73 6f 6b 33 33 74 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @sok33tn</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49980 | 23.197.127.21 | 443 | 7504 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-14 05:32:49 UTC | 215 | OUT | GET /profiles/76561199824159981 HTTP/1.1
Host: steamcommunity.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: sessionid=c0ba4388df99ed39a956e62f; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
2025-02-14 05:32:49 UTC | 1790 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Fri, 14 Feb 2025 05:32:49 GMT
Content-Length: 25927
Connection: close
2025-02-14 05:32:49 UTC | 14594 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-02-14 05:32:50 UTC | 9982 | IN | Data Ascii: <a class="popup_menu_item tight" href="?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false
2025-02-14 05:32:50 UTC | 1351 | IN | Data Ascii: tps://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1" width="96" height="26" border="0" alt="Valve Logo" /></span><span id="footerText">&copy; Valve Corporation. All rights reserved. All trademarks are proper


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49990 | 149.154.167.99 | 443 | 7504 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-14 05:32:50 UTC | 145 | OUT | GET /sok33tn HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: stel_ssid=7a0ba467f1b792a039_14834849593679827492
2025-02-14 05:32:50 UTC | 369 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 14 Feb 2025 05:32:50 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12328
Connection: close
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2025-02-14 05:32:50 UTC | 12328 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @sok33tn</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 57267 | 149.154.167.99 | 443 | 7504 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-14 05:32:54 UTC | 145 | OUT | GET /sok33tn HTTP/1.1
Host: t.me
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: stel_ssid=7a0ba467f1b792a039_14834849593679827492
2025-02-14 05:32:54 UTC | 369 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Fri, 14 Feb 2025 05:32:54 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12328
Connection: close
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2025-02-14 05:32:54 UTC | 12328 | IN | Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @sok33tn</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.paren


                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                            8192.168.2.45726823.197.127.214437504C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                            2025-02-14 05:32:57 UTC215OUTGET /profiles/76561199824159981 HTTP/1.1
                                                                                                                                                                                                            Host: steamcommunity.com
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                            Cookie: sessionid=c0ba4388df99ed39a956e62f; steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186
                                                                                                                                                                                                            2025-02-14 05:32:57 UTC1790INHTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                            Date: Fri, 14 Feb 2025 05:32:57 GMT
                                                                                                                                                                                                            Content-Length: 35607
                                                                                                                                                                                                            Connection: close
2025-02-14 05:32:57 UTC 14594 IN
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-02-14 05:32:58 UTC 9982 IN
                                                                                                                                                                                                            Data Ascii: ><a class="submenuitem" href="https://steamcommunity.com/market/">Market</a><a class="submenuitem" href="https://steamcommunity.com/?subsection=broadcasts">Broadcasts</a></div>
2025-02-14 05:32:58 UTC 11031 IN
                                                                                                                                                                                                            Data Ascii: &quot;BASE_URL_SHARED_CDN&quot;:&quot;https:\/\/shared.cloudflare.steamstatic.com\/&quot;,&quot;CLAN_CDN_ASSET_URL&quot;:&quot;https:\/\/clan.cloudflare.steamstatic.com\/&quot;,&quot;SNR&quot;:&quot;2_100300_profile_&quot;}" data-userinfo="[]"></div>



                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                            Start time:00:31:20
                                                                                                                                                                                                            Start date:14/02/2025
                                                                                                                                                                                                            Path:C:\Users\user\Desktop\Howard.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Howard.exe"
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:2'711'552 bytes
                                                                                                                                                                                                            MD5 hash:262DFB3C2333AFB399B1A384FA65BDEB
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1901284007.0000000005E20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1899854955.0000000003F29000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                            • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.1884214848.0000000002416000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1885193672.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1899854955.0000000004009000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                            • Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1899854955.0000000003E5B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                            Start time:00:31:32
                                                                                                                                                                                                            Start date:14/02/2025
                                                                                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                                                                                                                                                                                            Imagebase:0x2f0000
                                                                                                                                                                                                            File size:262'432 bytes
                                                                                                                                                                                                            MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:false
