Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1637461
MD5:b7d4565a9d634456b769b497ab240125
SHA1:895b664866ac5fb4e6b602f1525982e69f30c9e2
SHA256:8076fa4a81dc3069adfc7c9f902e6bded83edfc4131714d17f2528267789bc19
Tags:exeuser-jstrosch
Infos:

Detection

LummaC Stealer
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 6688 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B7D4565A9D634456B769B497AB240125)
    • file.exe (PID: 6784 cmdline: "C:\Users\user\Desktop\file.exe" MD5: B7D4565A9D634456B769B497AB240125)
  • cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["citydisco.bet/gdJIS", "crosshairc.life/dAnjhw", "mrodularmall.top/aNzS", "jowinjoinery.icu/bdWUa", "legenassedk.top/bdpWO", "htardwarehu.icu/Sbdsa", "cjlaspcorne.icu/DbIps", "bugildbett.top/bAuz"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000003.951169747.0000000000B67000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000002.00000003.950882849.0000000000B4D000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      Process Memory Space: file.exe PID: 6784JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        Process Memory Space: file.exe PID: 6784JoeSecurity_LummaCStealerYara detected LummaC StealerJoe Security

          Sigma Signatures

          No Sigma rule has matched

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849699104.21.64.1443TCP
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849708104.21.32.1443TCP
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849684188.114.96.3443TCP
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849717104.73.234.102443TCP
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849702104.21.112.1443TCP
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849690104.21.112.1443TCP
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849693188.114.97.3443TCP
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849714104.73.234.102443TCP
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849720104.73.234.102443TCP
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849711104.73.234.102443TCP
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849687104.21.48.1443TCP
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849705104.21.112.1443TCP
          2025-03-13T16:50:39.942646+010020283713Unknown Traffic192.168.2.849696188.114.97.3443TCP
          2025-03-13T16:50:45.797007+010020283713Unknown Traffic192.168.2.849682188.114.96.3443TCP
          2025-03-13T16:50:48.889982+010020283713Unknown Traffic192.168.2.849683188.114.96.3443TCP
          2025-03-13T16:50:57.063905+010020283713Unknown Traffic192.168.2.84972323.197.127.21443TCP
          2025-03-13T16:51:00.531465+010020283713Unknown Traffic192.168.2.849724188.114.96.3443TCP
          2025-03-13T16:51:03.758619+010020283713Unknown Traffic192.168.2.84972723.197.127.21443TCP
          2025-03-13T16:51:06.715043+010020283713Unknown Traffic192.168.2.84973123.197.127.21443TCP
          2025-03-13T16:51:08.145988+010020283713Unknown Traffic192.168.2.84973223.197.127.21443TCP
          2025-03-13T16:51:09.644822+010020283713Unknown Traffic192.168.2.84973323.197.127.21443TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: file.exeAvira: detected
          Found malware configuration
          Source: 2.2.file.exe.400000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["citydisco.bet/gdJIS", "crosshairc.life/dAnjhw", "mrodularmall.top/aNzS", "jowinjoinery.icu/bdWUa", "legenassedk.top/bdpWO", "htardwarehu.icu/Sbdsa", "cjlaspcorne.icu/DbIps", "bugildbett.top/bAuz"]}
          Multi AV Scanner detection for submitted file
          Source: file.exeVirustotal: Detection: 58%Perma Link
          Source: file.exeReversingLabs: Detection: 52%
          Joe Sandbox ML detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 95.3% probability
          Sample uses string decryption to hide its real strings
          Source: 2.2.file.exe.400000.0.unpackString decryptor: citydisco.bet/gdJIS
          Source: 2.2.file.exe.400000.0.unpackString decryptor: crosshairc.life/dAnjhw
          Source: 2.2.file.exe.400000.0.unpackString decryptor: mrodularmall.top/aNzS
          Source: 2.2.file.exe.400000.0.unpackString decryptor: jowinjoinery.icu/bdWUa
          Source: 2.2.file.exe.400000.0.unpackString decryptor: legenassedk.top/bdpWO
          Source: 2.2.file.exe.400000.0.unpackString decryptor: htardwarehu.icu/Sbdsa
          Source: 2.2.file.exe.400000.0.unpackString decryptor: cjlaspcorne.icu/DbIps
          Source: 2.2.file.exe.400000.0.unpackString decryptor: bugildbett.top/bAuz
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0041C833 CryptUnprotectData,CryptUnprotectData,2_2_0041C833
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0041BCC0 CryptUnprotectData,2_2_0041BCC0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0041C833 CryptUnprotectData,CryptUnprotectData,2_2_0041C833
          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49682 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49683 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.8:49723 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49724 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.8:49727 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.8:49731 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.8:49733 version: TLS 1.2
          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006E8ECE FindFirstFileExW,0_2_006E8ECE
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006E8F7F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_006E8F7F
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006E8ECE FindFirstFileExW,2_2_006E8ECE
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006E8F7F FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_006E8F7F
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\PackagesJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\PlaceholderTileLogoFolderJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\MozillaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\PeerDistRepubJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\CommsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax+00000104h]2_2_0041C833
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 6D58C181h2_2_00421890
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx-4926828Eh]2_2_00421890
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax+04h]2_2_00413143
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], CF91E6EAh2_2_0044A106
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then lea ecx, dword ptr [eax+eax]2_2_00412AF8
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then lea ecx, dword ptr [eax-40000000h]2_2_00412AF8
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then lea edx, dword ptr [ecx+ecx]2_2_00412AF8
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [edi+ebx], 0000h2_2_0044C2A0
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, byte ptr [esp+ecx+44h]2_2_00444300
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [esp+edi+3E8E80E8h]2_2_0044D300
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [ecx], bx2_2_0044D300
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], esi2_2_0044C3A0
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-26h]2_2_0044C3A0
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, ebx2_2_0044C3A0
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, di2_2_0042FE40
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-1272D010h]2_2_0042FE40
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-26h]2_2_0044D7F0
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+18h]2_2_0040EFAE
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edi], cx2_2_00429840
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [00451018h]2_2_0040F066
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]2_2_00402800
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 1ED597A4h2_2_004480C0
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx2_2_00410897
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx]2_2_00410897
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-26h]2_2_0044D950
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0D0EF488h]2_2_0042D92B
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esi], FFFFFFFFh2_2_004019E0
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esp+edx-51AE6CD0h]2_2_0044AA55
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 8B8A8924h2_2_0043F250
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, byte ptr [esp+edx+19DCC0F6h]2_2_00445250
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ebp+edi+00h]2_2_00445250
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ecx], dl2_2_00423A70
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], cl2_2_00423A70
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], C446A772h2_2_0041E21B
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-4926821Eh]2_2_0041E21B
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-4926821Eh]2_2_0041E21B
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 656D2358h2_2_0041E21B
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax2_2_0041E21B
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+70h]2_2_0041E21B
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-49268212h]2_2_0041E21B
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx esi, byte ptr [eax]2_2_00448220
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 93A82FD1h2_2_004292C0
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-6BB1A2B4h]2_2_004482E0
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-000000FAh]2_2_00433A88
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then push eax2_2_00449B7F
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax+00000104h]2_2_0041C833
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]2_2_0040A320
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]2_2_0040A320
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-000000FAh]2_2_00433A88
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+34h]2_2_00433330
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [esi], cl2_2_00436BE5
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, byte ptr [esp+edx+68h]2_2_00437BB8
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ecx], dl2_2_00411C5F
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]2_2_00435C60
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+08h], ebx2_2_00445C70
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx2_2_00410C1B
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx]2_2_00410C1B
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, byte ptr [esp+esi+5Ch]2_2_0042F430
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]2_2_00441480
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+49408C66h]2_2_00428CB0
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]2_2_0044BD46
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [eax], cl2_2_0041EDDC
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+6D3F2F7Eh]2_2_00420D90
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [eax]2_2_00448590
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+50h]2_2_004305B2
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movsx eax, byte ptr [esi+ecx]2_2_0041AE40
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], cl2_2_00438E42
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+10h], ecx2_2_00438E42
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then add eax, esi2_2_00437627
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [ebp+ecx+00h]2_2_0040CE30
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [eax+esi]2_2_0040CE30
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+10h], ecx2_2_00438E39
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebp, byte ptr [esp+ecx+0Ah]2_2_00445ED1
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax]2_2_00445ED1
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+18h]2_2_004236EB
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ebx], cl2_2_004386EC
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx2_2_00432F60
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esi+edx]2_2_00432F60
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx2_2_00432F60
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax]2_2_0041AF00
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-4926828Ah]2_2_0041AF00
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+1A92C912h]2_2_0040C710
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-2Ah]2_2_0044C7D0
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax+04h]2_2_00412FDB
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax]2_2_00446790
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [eax], cl2_2_0041EFAD
          Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]2_2_00433FB0

          Networking

          barindex
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: citydisco.bet/gdJIS
          Source: Malware configuration extractorURLs: crosshairc.life/dAnjhw
          Source: Malware configuration extractorURLs: mrodularmall.top/aNzS
          Source: Malware configuration extractorURLs: jowinjoinery.icu/bdWUa
          Source: Malware configuration extractorURLs: legenassedk.top/bdpWO
          Source: Malware configuration extractorURLs: htardwarehu.icu/Sbdsa
          Source: Malware configuration extractorURLs: cjlaspcorne.icu/DbIps
          Source: Malware configuration extractorURLs: bugildbett.top/bAuz
          Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
          Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
          Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
          Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
          Source: Joe Sandbox ViewIP Address: 104.21.48.1 104.21.48.1
          Source: Joe Sandbox ViewIP Address: 104.21.48.1 104.21.48.1
          Source: Joe Sandbox ViewIP Address: 104.21.112.1 104.21.112.1
          Source: Joe Sandbox ViewIP Address: 104.21.112.1 104.21.112.1
          Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49682 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49683 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49723 -> 23.197.127.21:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49724 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49732 -> 23.197.127.21:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49733 -> 23.197.127.21:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49731 -> 23.197.127.21:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49727 -> 23.197.127.21:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49699 -> 104.21.64.1:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49708 -> 104.21.32.1:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49684 -> 188.114.96.3:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49717 -> 104.73.234.102:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49702 -> 104.21.112.1:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49690 -> 104.21.112.1:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49693 -> 188.114.97.3:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49714 -> 104.73.234.102:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49720 -> 104.73.234.102:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49711 -> 104.73.234.102:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49687 -> 104.21.48.1:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49705 -> 104.21.112.1:443
          Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.8:49696 -> 188.114.97.3:443
          Source: global trafficHTTP traffic detected: POST /gdJIS HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 51Host: citydisco.bet
          Source: global trafficHTTP traffic detected: POST /gdJIS HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=m169HiqDFgH2QgDUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 14506Host: citydisco.bet
          Source: global trafficHTTP traffic detected: POST /bSHsyZD HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=Y17c6EffWzeKDYzOHUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 2489Host: guntac.bet
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
          Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
          Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
          Source: global trafficHTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
          Source: file.exe, 00000002.00000002.1123997285.0000000003249000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7C14c9dde9b41d2538b03ea660c9fb439f; path=/; secure; HttpOnly; SameSite=Nonesessionid=1e6f4a77fc546841ab2a14ea; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35710Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 13 Mar 2025 15:50:58 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
          Source: file.exe, 00000002.00000003.1093024878.0000000000B51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7C14c9dde9b41d2538b03ea660c9fb439f; path=/; secure; HttpOnly; SameSite=Nonesessionid=809de0151fe81a063233b55e; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26244Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 13 Mar 2025 15:51:07 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
          Source: file.exe, 00000002.00000003.1122666006.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ecaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
          Source: file.exe, 00000002.00000003.1122666006.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ecaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7C14c9dde9b41d2538b03ea660c9fb439f; path=/; secure; HttpOnly; SameSite=Nonesessionid=bf4dd5b165566a36602ef9d3; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26244Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 13 Mar 2025 15:51:10 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
          Source: global trafficDNS traffic detected: DNS query: citydisco.bet
          Source: global trafficDNS traffic detected: DNS query: crosshairc.life
          Source: global trafficDNS traffic detected: DNS query: mrodularmall.top
          Source: global trafficDNS traffic detected: DNS query: jowinjoinery.icu
          Source: global trafficDNS traffic detected: DNS query: legenassedk.top
          Source: global trafficDNS traffic detected: DNS query: htardwarehu.icu
          Source: global trafficDNS traffic detected: DNS query: cjlaspcorne.icu
          Source: global trafficDNS traffic detected: DNS query: bugildbett.top
          Source: global trafficDNS traffic detected: DNS query: weaponrywo.digital
          Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
          Source: global trafficDNS traffic detected: DNS query: guntac.bet
          Source: unknownHTTP traffic detected: POST /gdJIS HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 51Host: citydisco.bet
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
          Source: file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
          Source: file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
          Source: file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
          Source: file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
          Source: file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
          Source: file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
          Source: file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
          Source: file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
          Source: file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030347917.0000000000BA2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093067065.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122584508.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123437052.0000000000B94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123437052.0000000000B94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
          Source: file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
          Source: file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
          Source: file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org?q=
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007319763.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
          Source: file.exe, 00000002.00000003.945342020.0000000000BF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
          Source: file.exe, 00000002.00000003.945342020.0000000000BF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
          Source: file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
          Source: file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
          Source: file.exe, 00000002.00000003.916855878.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.917909763.0000000000BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://citydisco.bet/gdJIS
          Source: file.exe, 00000002.00000003.917323221.0000000000BC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.917031305.0000000000BC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://citydisco.bet/gdJISAAAA
          Source: file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastl
          Source: file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastlNN
          Source: file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
          Source: file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=J1-T6FXbrr0Z&a
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=GlKQ1cghJWE2&l=english&_c
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
          Source: file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007319763.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122515243.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123437052.0000000000B94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123537225.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
          Source: file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javasc
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007319763.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007319763.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=jfdbROVe
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007319763.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=39xC
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=cMt-H-zOgNUp&l=english&am
          Source: file.exe, 00000002.00000003.1093024878.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=whw8EcafG167&l=e
          Source: file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/s
          Source: file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
          Source: file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030239572.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030329549.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
          Source: file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/ja
          Source: file.exe, 00000002.00000003.1093024878.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
          Source: file.exe, 00000002.00000003.1093024878.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&am
          Source: file.exe, 00000002.00000003.1093024878.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
          Source: file.exe, 00000002.00000003.1093024878.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
          Source: file.exe, 00000002.00000003.945342020.0000000000BF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
          Source: file.exe, 00000002.00000003.945342020.0000000000BF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
          Source: file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabv20
          Source: file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
          Source: file.exe, 00000002.00000003.1030239572.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030427977.0000000000BEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://guntac.bet/bSHsyZDmu
          Source: file.exe, 00000002.00000003.1030286347.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122515243.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123459108.0000000000BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://guntac.bet:443/bSHsyZD
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
          Source: file.exe, 00000002.00000003.945342020.0000000000BF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
          Source: file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
          Source: file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123537225.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
          Source: file.exe, 00000002.00000003.1053420450.0000000000BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/5rV
          Source: file.exe, 00000002.00000003.942965550.0000000000BEB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.945746568.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.942879187.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.945498591.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.945844284.0000000000BEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/=r
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
          Source: file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122649399.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123605917.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/Urv
          Source: file.exe, 00000002.00000003.1007319763.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/ca
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
          Source: file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122649399.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123605917.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/er
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123437052.0000000000B94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
          Source: file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
          Source: file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122649399.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123605917.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/mr
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030239572.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030329549.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
          Source: file.exe, 00000002.00000003.942879187.0000000000BD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128
          Source: file.exe, 00000002.00000003.951169747.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.950882849.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128.36
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007319763.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/badges
          Source: file.exe, 00000002.00000003.1030347917.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030555132.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/inventory/
          Source: file.exe, 00000002.00000003.1122515243.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123537225.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128T
          Source: file.exe, 00000002.00000003.942965550.0000000000BEB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.942879187.0000000000BE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199822375128W
          Source: file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122649399.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123605917.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/ur
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
          Source: file.exe, 00000002.00000002.1123459108.0000000000BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199822375128
          Source: file.exe, 00000002.00000003.1122515243.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123459108.0000000000BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199822375128%
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamloopback.host
          Source: file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
          Source: file.exe, 00000002.00000003.1093024878.0000000000B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123997285.0000000003249000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122666006.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
          Source: file.exe, 00000002.00000003.1093024878.0000000000B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122666006.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCou
          Source: file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030239572.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030329549.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123437052.0000000000B94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030239572.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030329549.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030239572.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030329549.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030239572.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030329549.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
          Source: file.exe, 00000002.00000003.944637930.000000000362D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
          Source: file.exe, 00000002.00000003.944637930.000000000362D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
          Source: file.exe, 00000002.00000003.945342020.0000000000BF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
          Source: file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20w
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
          Source: file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
          Source: file.exe, 00000002.00000003.945342020.0000000000BF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
          Source: file.exe, 00000002.00000003.944523945.0000000003264000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
          Source: file.exe, 00000002.00000003.944637930.000000000362D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.0JoCxlq8ibGr
          Source: file.exe, 00000002.00000003.944637930.000000000362D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.Tgc_vjLFc3HK
          Source: file.exe, 00000002.00000003.944637930.000000000362D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
          Source: file.exe, 00000002.00000003.944637930.000000000362D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
          Source: file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093067065.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122584508.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
          Source: file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
          Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49686 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49682 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
          Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
          Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49694
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
          Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49692
          Source: unknownNetwork traffic detected: HTTP traffic on port 49692 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
          Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49690
          Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49685 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49689 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
          Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49689
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49688
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49687
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49686
          Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49685
          Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49684
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49683
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49682
          Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49693 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49690 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49684 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
          Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
          Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
          Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
          Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49683 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49687 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
          Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49682 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49683 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.8:49723 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49724 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.8:49727 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.8:49731 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.8:49733 version: TLS 1.2
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0043F410 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,2_2_0043F410
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0043F410 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,2_2_0043F410
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0043FE3C GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,2_2_0043FE3C
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A31F00_2_006A31F0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A36400_2_006A3640
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CF0600_2_006CF060
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A60700_2_006A6070
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B40400_2_006B4040
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BA8200_2_006BA820
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B90200_2_006B9020
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CA0200_2_006CA020
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A10000_2_006A1000
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BC0100_2_006BC010
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D38130_2_006D3813
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D00D00_2_006D00D0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A58A00_2_006A58A0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BE0A00_2_006BE0A0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A40800_2_006A4080
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CD0800_2_006CD080
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A80900_2_006A8090
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B08900_2_006B0890
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C38900_2_006C3890
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D18900_2_006D1890
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D31600_2_006D3160
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AE1700_2_006AE170
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A49400_2_006A4940
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BC9400_2_006BC940
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D29200_2_006D2920
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006EC9080_2_006EC908
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C91000_2_006C9100
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C01100_2_006C0110
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BB1E00_2_006BB1E0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CF9B00_2_006CF9B0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B61800_2_006B6180
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D6A540_2_006D6A54
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C8A500_2_006C8A50
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A52200_2_006A5220
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A92200_2_006A9220
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C52200_2_006C5220
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C6A000_2_006C6A00
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C82000_2_006C8200
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C0A100_2_006C0A10
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CF2E00_2_006CF2E0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B52C00_2_006B52C0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AF2D00_2_006AF2D0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AEAA00_2_006AEAA0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C9AB00_2_006C9AB0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A22800_2_006A2280
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B42900_2_006B4290
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BFB700_2_006BFB70
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C13700_2_006C1370
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A83400_2_006A8340
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CEB400_2_006CEB40
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C03500_2_006C0350
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AB3000_2_006AB300
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AC3100_2_006AC310
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B73F00_2_006B73F0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BF3D00_2_006BF3D0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BABA00_2_006BABA0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A63900_2_006A6390
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B33900_2_006B3390
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C5C600_2_006C5C60
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D34770_2_006D3477
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A2C400_2_006A2C40
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BEC400_2_006BEC40
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C8C400_2_006C8C40
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C84500_2_006C8450
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A5C200_2_006A5C20
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006E14200_2_006E1420
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006DB41A0_2_006DB41A
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BCCE00_2_006BCCE0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AE4C00_2_006AE4C0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B3CC00_2_006B3CC0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A54A00_2_006A54A0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A6C800_2_006A6C80
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B64800_2_006B6480
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C54800_2_006C5480
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D24800_2_006D2480
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B04900_2_006B0490
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D3C900_2_006D3C90
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BD5600_2_006BD560
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B85400_2_006B8540
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BDD500_2_006BDD50
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CFD500_2_006CFD50
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A7D300_2_006A7D30
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AF5300_2_006AF530
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AAD300_2_006AAD30
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B95000_2_006B9500
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D35C00_2_006D35C0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CF5D00_2_006CF5D0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B55B00_2_006B55B0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CEDB00_2_006CEDB0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A95800_2_006A9580
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CDD800_2_006CDD80
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A46600_2_006A4660
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A86400_2_006A8640
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B6E400_2_006B6E40
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B7E500_2_006B7E50
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B76200_2_006B7620
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B0E200_2_006B0E20
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D06200_2_006D0620
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BB6300_2_006BB630
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C96300_2_006C9630
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B26F00_2_006B26F0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D1EF00_2_006D1EF0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BC6A00_2_006BC6A0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006CB6800_2_006CB680
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B2E900_2_006B2E90
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C86900_2_006C8690
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D2E900_2_006D2E90
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BFF700_2_006BFF70
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B97200_2_006B9720
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AE7300_2_006AE730
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C9F000_2_006C9F00
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A9FF00_2_006A9FF0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A67D00_2_006A67D0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AB7800_2_006AB780
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006EE7820_2_006EE782
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006C0F800_2_006C0F80
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A17900_2_006A1790
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B67900_2_006B6790
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0041C8332_2_0041C833
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004380C82_2_004380C8
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004110F92_2_004110F9
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004218902_2_00421890
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004378B82_2_004378B8
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0040BA502_2_0040BA50
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00412AF82_2_00412AF8
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004443002_2_00444300
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0042CBA02_2_0042CBA0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004283A02_2_004283A0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0044C3A02_2_0044C3A0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0041BCC02_2_0041BCC0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00447DF02_2_00447DF0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0042FE402_2_0042FE40
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0044CE102_2_0044CE10
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0040E6D02_2_0040E6D0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00415EF92_2_00415EF9
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0040EFAE2_2_0040EFAE
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004010402_2_00401040
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0041F0652_2_0041F065
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004178702_2_00417870
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004278302_2_00427830
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004458302_2_00445830
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004498322_2_00449832
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0040D9402_2_0040D940
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004021402_2_00402140
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004261502_2_00426150
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004511502_2_00451150
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004391602_2_00439160
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004421682_2_00442168
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0040B9702_2_0040B970
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004511702_2_00451170
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004249002_2_00424900
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0042D92B2_2_0042D92B
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0045113C2_2_0045113C
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0040F9C02_2_0040F9C0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004139D02_2_004139D0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0043B9F92_2_0043B9F9
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004121852_2_00412185
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004452502_2_00445250
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00429A702_2_00429A70
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0042020C2_2_0042020C
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00426A152_2_00426A15
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0041E21B2_2_0041E21B
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004292C02_2_004292C0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0044CAE02_2_0044CAE0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00408A802_2_00408A80
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0044B2802_2_0044B280
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004312902_2_00431290
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00445AA02_2_00445AA0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004512AC2_2_004512AC
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004252B02_2_004252B0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00402B502_2_00402B50
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0041C8332_2_0041C833
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0040C3202_2_0040C320
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0040A3202_2_0040A320
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00416B812_2_00416B81
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0044B3802_2_0044B380
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00411C5F2_2_00411C5F
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0042D4602_2_0042D460
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004324072_2_00432407
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0043F4102_2_0043F410
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0042F4302_2_0042F430
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0043DC312_2_0043DC31
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004384C32_2_004384C3
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0040D4D02_2_0040D4D0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004434DF2_2_004434DF
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0041DCDF2_2_0041DCDF
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0044B4F02_2_0044B4F0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004104832_2_00410483
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0042F4892_2_0042F489
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00424C902_2_00424C90
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0044BCB62_2_0044BCB6
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004095402_2_00409540
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004435402_2_00443540
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0043155F2_2_0043155F
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004035602_2_00403560
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004255602_2_00425560
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00413D092_2_00413D09
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0040AD202_2_0040AD20
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0043B5362_2_0043B536
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0041EDDC2_2_0041EDDC
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0044B5802_2_0044B580
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00420D902_2_00420D90
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00407DA02_2_00407DA0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004305B22_2_004305B2
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004336402_2_00433640
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004486502_2_00448650
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0043C6102_2_0043C610
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004376272_2_00437627
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0044B6222_2_0044B622
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0040CE302_2_0040CE30
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00444ED02_2_00444ED0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00445ED12_2_00445ED1
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004326E02_2_004326E0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004386EC2_2_004386EC
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00430E932_2_00430E93
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00410EAB2_2_00410EAB
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00403F002_2_00403F00
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0043E7032_2_0043E703
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0041AF002_2_0041AF00
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0040C7102_2_0040C710
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004367292_2_00436729
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0042D7302_2_0042D730
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00408FC02_2_00408FC0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0044C7D02_2_0044C7D0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004047E22_2_004047E2
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004437A02_2_004437A0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CF0602_2_006CF060
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A60702_2_006A6070
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B40402_2_006B4040
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BA8202_2_006BA820
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B90202_2_006B9020
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CA0202_2_006CA020
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A10002_2_006A1000
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BC0102_2_006BC010
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D38132_2_006D3813
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D00D02_2_006D00D0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A58A02_2_006A58A0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BE0A02_2_006BE0A0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A40802_2_006A4080
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CD0802_2_006CD080
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A80902_2_006A8090
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B08902_2_006B0890
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C38902_2_006C3890
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D18902_2_006D1890
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D31602_2_006D3160
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AE1702_2_006AE170
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A49402_2_006A4940
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BC9402_2_006BC940
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D29202_2_006D2920
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006EC9082_2_006EC908
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C91002_2_006C9100
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C01102_2_006C0110
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BB1E02_2_006BB1E0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A31F02_2_006A31F0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CF9B02_2_006CF9B0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B61802_2_006B6180
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D6A542_2_006D6A54
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C8A502_2_006C8A50
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A52202_2_006A5220
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A92202_2_006A9220
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C52202_2_006C5220
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C6A002_2_006C6A00
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C82002_2_006C8200
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C0A102_2_006C0A10
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CF2E02_2_006CF2E0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B52C02_2_006B52C0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AF2D02_2_006AF2D0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AEAA02_2_006AEAA0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C9AB02_2_006C9AB0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A22802_2_006A2280
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B42902_2_006B4290
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BFB702_2_006BFB70
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C13702_2_006C1370
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A83402_2_006A8340
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CEB402_2_006CEB40
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C03502_2_006C0350
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AB3002_2_006AB300
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AC3102_2_006AC310
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B73F02_2_006B73F0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BF3D02_2_006BF3D0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BABA02_2_006BABA0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A63902_2_006A6390
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B33902_2_006B3390
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C5C602_2_006C5C60
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D34772_2_006D3477
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A2C402_2_006A2C40
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BEC402_2_006BEC40
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C8C402_2_006C8C40
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C84502_2_006C8450
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A5C202_2_006A5C20
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006E14202_2_006E1420
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006DB41A2_2_006DB41A
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BCCE02_2_006BCCE0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AE4C02_2_006AE4C0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B3CC02_2_006B3CC0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A54A02_2_006A54A0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A6C802_2_006A6C80
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B64802_2_006B6480
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C54802_2_006C5480
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D24802_2_006D2480
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B04902_2_006B0490
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D3C902_2_006D3C90
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BD5602_2_006BD560
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B85402_2_006B8540
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BDD502_2_006BDD50
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CFD502_2_006CFD50
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A7D302_2_006A7D30
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AF5302_2_006AF530
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AAD302_2_006AAD30
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B95002_2_006B9500
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D35C02_2_006D35C0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CF5D02_2_006CF5D0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B55B02_2_006B55B0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CEDB02_2_006CEDB0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A95802_2_006A9580
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CDD802_2_006CDD80
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A46602_2_006A4660
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A86402_2_006A8640
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A36402_2_006A3640
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B6E402_2_006B6E40
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B7E502_2_006B7E50
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B76202_2_006B7620
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B0E202_2_006B0E20
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D06202_2_006D0620
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BB6302_2_006BB630
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C96302_2_006C9630
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B26F02_2_006B26F0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D1EF02_2_006D1EF0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BC6A02_2_006BC6A0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006CB6802_2_006CB680
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B2E902_2_006B2E90
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C86902_2_006C8690
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D2E902_2_006D2E90
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006BFF702_2_006BFF70
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B97202_2_006B9720
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AE7302_2_006AE730
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C9F002_2_006C9F00
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A9FF02_2_006A9FF0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A67D02_2_006A67D0
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006AB7802_2_006AB780
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006EE7822_2_006EE782
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006C0F802_2_006C0F80
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006A17902_2_006A1790
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006B67902_2_006B6790
          Source: C:\Users\user\Desktop\file.exeCode function: String function: 006D6F60 appears 102 times
          Source: C:\Users\user\Desktop\file.exeCode function: String function: 0041AEF0 appears 102 times
          Source: C:\Users\user\Desktop\file.exeCode function: String function: 006DF1CC appears 46 times
          Source: C:\Users\user\Desktop\file.exeCode function: String function: 006E4014 appears 34 times
          Source: C:\Users\user\Desktop\file.exeCode function: String function: 0040B350 appears 52 times
          Source: file.exeStatic PE information: invalid certificate
          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: file.exeStatic PE information: Section: .bss ZLIB complexity 1.0003231990014265
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/0@13/8
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00444300 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,2_2_00444300
          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: file.exe, 00000002.00000003.888771121.0000000000BD2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.888439094.0000000003245000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.917414747.000000000325B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: file.exeVirustotal: Detection: 58%
          Source: file.exeReversingLabs: Detection: 52%
          Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"Jump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D711A push ecx; ret 0_2_006D712D
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00758FF1 push es; iretd 0_2_00758FF2
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004513DA push edx; retf 2_2_004513FE
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004554C9 push 00000000h; iretd 2_2_00455520
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00451648 pushad ; retf 2_2_00451689
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_0044F658 push cs; retf 2_2_0044F665
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_004517FC push ebx; ret 2_2_00451803
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D711A push ecx; ret 2_2_006D712D
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00758FF1 push es; iretd 2_2_00758FF2
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
          Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
          Query firmware table information (likely to detect VMs)
          Source: C:\Users\user\Desktop\file.exeSystem information queried: FirmwareTableInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exe TID: 5432Thread sleep time: -150000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\file.exe TID: 5432Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006E8ECE FindFirstFileExW,0_2_006E8ECE
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006E8F7F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_006E8F7F
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006E8ECE FindFirstFileExW,2_2_006E8ECE
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006E8F7F FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_006E8F7F
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\PackagesJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\PlaceholderTileLogoFolderJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\MozillaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\PeerDistRepubJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\CommsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
          Source: file.exe, 00000002.00000003.917613533.0000000003281000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696494690p
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696494690
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696494690f
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696494690
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696494690s
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696494690
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696494690t
          Source: file.exe, 00000002.00000003.1030347917.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093024878.0000000000B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.950882849.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.951469889.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B1C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123372934.0000000000B51000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696494690o
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696494690j
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696494690
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696494690t
          Source: file.exe, 00000002.00000003.1030347917.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093024878.0000000000B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.950882849.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.951469889.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123372934.0000000000B51000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWAm
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696494690x
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
          Source: file.exe, 00000002.00000003.917613533.000000000327C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
          Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_00449B30 LdrInitializeThunk,2_2_00449B30
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D6DE8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006D6DE8
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FF1B4 mov edi, dword ptr fs:[00000030h]0_2_006FF1B4
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006E490C GetProcessHeap,0_2_006E490C
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D6A2C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_006D6A2C
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D6DE8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006D6DE8
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D6DDC SetUnhandledExceptionFilter,0_2_006D6DDC
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006DEF1E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006DEF1E
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D6A2C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_006D6A2C
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D6DE8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_006D6DE8
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006D6DDC SetUnhandledExceptionFilter,2_2_006D6DDC
          Source: C:\Users\user\Desktop\file.exeCode function: 2_2_006DEF1E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_006DEF1E

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Contains functionality to inject code into remote processes
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006FF1B4 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_006FF1B4
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\file.exeMemory written: C:\Users\user\Desktop\file.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"Jump to behavior
          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_006E88F6
          Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_006E88AB
          Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_006E41F7
          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_006E899D
          Source: C:\Users\user\Desktop\file.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_006E8238
          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_006E8AA3
          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_006E3CFC
          Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_006E8489
          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_006E8524
          Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,0_2_006E8777
          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,0_2_006E87D6
          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,2_2_006E88F6
          Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,2_2_006E88AB
          Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,2_2_006E41F7
          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_006E899D
          Source: C:\Users\user\Desktop\file.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_006E8238
          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,2_2_006E8AA3
          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,2_2_006E3CFC
          Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,2_2_006E8489
          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_006E8524
          Source: C:\Users\user\Desktop\file.exeCode function: EnumSystemLocalesW,2_2_006E8777
          Source: C:\Users\user\Desktop\file.exeCode function: GetLocaleInfoW,2_2_006E87D6
          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006D7827 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_006D7827
          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: file.exe, 00000002.00000003.1030347917.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030462721.0000000000B35000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B35000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

          Stealing of Sensitive Information

          barindex
          Yara detected LummaC Stealer
          Source: Yara matchFile source: Process Memory Space: file.exe PID: 6784, type: MEMORYSTR
          Found many strings related to Crypto-Wallets (likely being stolen)
          Source: file.exe, 00000002.00000003.1030347917.0000000000B4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum
          Source: file.exe, 00000002.00000003.1030347917.0000000000B4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
          Source: file.exe, 00000002.00000003.1030347917.0000000000B4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
          Source: file.exe, 00000002.00000002.1123459108.0000000000BA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: :"cjelfplplebdjjenllpjcblmjkfcffne","ez":"Jaxx Liberty"},{"en":"fihkakfobkmkjojpchpfgcmhfjnmnfpi","ez":"^
          Source: file.exe, 00000002.00000003.951169747.0000000000B67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.wallet
          Source: file.exe, 00000002.00000003.1030347917.0000000000B4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3
          Source: file.exe, 00000002.00000003.1030347917.0000000000B4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum
          Source: file.exe, 00000002.00000003.950882849.0000000000B2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
          Source: file.exe, 00000002.00000003.950882849.0000000000B2C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\places.sqliteJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cert9.dbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\formhistory.sqliteJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.dbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\logins.jsonJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.jsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqliteJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
          Tries to harvest and steal ftp login credentials
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
          Tries to steal Crypto Currency Wallets
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\GRXZDKKVDBJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEHJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEHJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
          Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\QNCYCDFIJJJump to behavior
          Source: Yara matchFile source: 00000002.00000003.951169747.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000003.950882849.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: file.exe PID: 6784, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected LummaC Stealer
          Source: Yara matchFile source: Process Memory Space: file.exe PID: 6784, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts12
          Windows Management Instrumentation          		1
          DLL Side-Loading          		211
          Process Injection          		21
          Virtualization/Sandbox Evasion          		2
          OS Credential Dumping          		1
          System Time Discovery          		Remote Services1
          Screen Capture          		21
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
          DLL Side-Loading          		211
          Process Injection          		LSASS Memory241
          Security Software Discovery          		Remote Desktop Protocol1
          Archive Collected Data          		1
          Ingress Tool Transfer          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
          Deobfuscate/Decode Files or Information          		Security Account Manager21
          Virtualization/Sandbox Evasion          		SMB/Windows Admin Shares41
          Data from Local System          		3
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
          Obfuscated Files or Information          		NTDS1
          Process Discovery          		Distributed Component Object Model2
          Clipboard Data          		114
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Software Packing          		LSA Secrets12
          File and Directory Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          DLL Side-Loading          		Cached Domain Credentials33
          System Information Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          file.exe59%VirustotalBrowse
          file.exe53%ReversingLabsWin32.Exploit.LummaC
          file.exe100%AviraTR/Kryptik.jihlg

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          https://guntac.bet:443/bSHsyZD0%Avira URL Cloudsafe
          https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.0%Avira URL Cloudsafe
          https://www.gstatic.cn/recaptcha/0%Avira URL Cloudsafe
          https://citydisco.bet/gdJISAAAA0%Avira URL Cloudsafe
          https://community.fastlNN0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          steamcommunity.com
          		104.73.234.102
          		truefalse
            		high
            jowinjoinery.icu
            		188.114.97.3
            		truefalse
              		high
              citydisco.bet
              		188.114.96.3
              		truefalse
                		high
                weaponrywo.digital
                		104.21.32.1
                		truefalse
                  		unknown
                  legenassedk.top
                  		188.114.97.3
                  		truefalse
                    		high
                    htardwarehu.icu
                    		104.21.64.1
                    		truefalse
                      		high
                      bugildbett.top
                      		104.21.112.1
                      		truefalse
                        		high
                        crosshairc.life
                        		104.21.48.1
                        		truefalse
                          		high
                          mrodularmall.top
                          		104.21.112.1
                          		truefalse
                            		high
                            cjlaspcorne.icu
                            		104.21.112.1
                            		truefalse
                              		high
                              guntac.bet
                              		188.114.96.3
                              		truefalse
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                bugildbett.top/bAuzfalse
                                  		high
                                  citydisco.bet/gdJISfalse
                                    		high
                                    crosshairc.life/dAnjhwfalse
                                      		high
                                      mrodularmall.top/aNzSfalse
                                        		high
                                        https://steamcommunity.com/profiles/76561199822375128false
                                          		high
                                          jowinjoinery.icu/bdWUafalse
                                            		high
                                            htardwarehu.icu/Sbdsafalse
                                              		high
                                              https://citydisco.bet/gdJISfalse
                                                		high

                                                URLs from Memory and Binaries

                                                NameSourceMaliciousAntivirus DetectionReputation
                                                https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://player.vimeo.comfile.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://duckduckgo.com/ac/?q=file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&ampfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://steamcommunity.com/5rVfile.exe, 00000002.00000003.1053420450.0000000000BE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://store.steampowered.com/subscriber_agreement/file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.gstatic.cn/recaptcha/file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://steamcommunity.com/profiles/76561199822375128/badgesfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007319763.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://steamcommunity.com/profiles/76561199822375128/inventory/file.exe, 00000002.00000003.1030347917.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030555132.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://community.fastly.steamstatic.com/public/shared/jafile.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.valvesoftware.com/legal.htmfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://www.youtube.comfile.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://www.google.comfile.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://steamcommunity.com:443/profiles/76561199822375128%file.exe, 00000002.00000003.1122515243.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123459108.0000000000BAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093067065.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122584508.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=whw8EcafG167&l=efile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://community.fastlNNfile.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007319763.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://community.fastly.steamstatic.com/public/javascript/global.js?v=cMt-H-zOgNUp&l=english&amfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&amfile.exe, 00000002.00000003.1093024878.0000000000B4F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=englfile.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englisfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://s.ytimg.com;file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122515243.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123437052.0000000000B94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123537225.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://community.fastly.steamstatic.com/file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=englifile.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://steam.tv/file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=enfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://store.steampowered.com/privacy_agreement/file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123437052.0000000000B94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://community.fastly.steamstatic.comfile.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://store.steampowered.com/points/shop/file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030239572.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030329549.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://crl.rootca1.amazontrust.com/rootca1.crl0file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://community.fastly.steamstatic.com/public/javascfile.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://ocsp.rootca1.amazontrust.com0:file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.file.exe, 00000002.00000003.945342020.0000000000BF8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&afile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://sketchfab.comfile.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://steamcommunity.com:443/profiles/76561199822375128file.exe, 00000002.00000002.1123459108.0000000000BAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://lv.queniujq.cnfile.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brfile.exe, 00000002.00000003.944637930.000000000362D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://www.youtube.com/file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://store.steampowered.com/privacy_agreement/file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=engfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://steamcommunity.com/=rfile.exe, 00000002.00000003.942965550.0000000000BEB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.945746568.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.942879187.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.945498591.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.945844284.0000000000BEB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://www.google.com/recaptcha/file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://checkout.steampowered.com/file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://guntac.bet:443/bSHsyZDfile.exe, 00000002.00000003.1030286347.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122515243.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000BAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123459108.0000000000BAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  		unknown
                                                                                                                                                  https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgfile.exe, 00000002.00000003.945342020.0000000000BF8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://steamcommunity.com/erfile.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122649399.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123605917.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://gemini.google.com/app?q=file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://store.steampowered.com/;file.exe, 00000002.00000003.1093024878.0000000000B51000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123997285.0000000003249000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122666006.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://store.steampowered.com/about/file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://steamcommunity.com/my/wishlist/file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030239572.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030329549.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://steamcommunity.com/profiles/76561199822375128Wfile.exe, 00000002.00000003.942965550.0000000000BEB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.942879187.0000000000BE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://steamcommunity.com/urfile.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122649399.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123605917.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://steamloopback.hostfile.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://help.steampowered.com/en/file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://steamcommunity.com/market/file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://store.steampowered.com/news/file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030239572.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030329549.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://steamcommunity.com/mrfile.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122649399.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123605917.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://steamcommunity.com/profiles/76561199822375128Tfile.exe, 00000002.00000003.1122515243.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123537225.0000000000BBE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://citydisco.bet/gdJISAAAAfile.exe, 00000002.00000003.917323221.0000000000BC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.917031305.0000000000BC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://steamcommunity.com/profiles/76561199822375128.36file.exe, 00000002.00000003.951169747.0000000000B67000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.950882849.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=file.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://store.steampowered.com/subscriber_agreement/file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123437052.0000000000B94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYifile.exe, 00000002.00000003.945342020.0000000000BF8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092973498.0000000000B92000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123437052.0000000000B94000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://recaptcha.net/recaptcha/;file.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=enfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://steamcommunity.com/discussions/file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=39xCfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007319763.0000000000BAB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007382936.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://www.google.com/images/branding/product/ico/googleg_alldp.icofile.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://store.steampowered.com/stats/file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030239572.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030329549.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123682305.0000000000BF9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/css/globalv2.css?v=GlKQ1cghJWE2&l=english&_cfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://medal.tvfile.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://broadcast.st.dl.eccdnx.comfile.exe, 00000002.00000003.1007443009.0000000000B67000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&afile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122617963.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123657442.0000000000BF3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007429111.0000000000BF5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007398974.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007415004.0000000000BF2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003620000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1123242243.0000000000B4D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.000000000361A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.1124144144.0000000003610000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1093116818.0000000000BF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://store.steampowered.com/steam_refunds/file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  http://x1.c.lencr.org/0file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    http://x1.i.lencr.org/0file.exe, 00000002.00000003.943594035.0000000003268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfile.exe, 00000002.00000003.888824551.0000000003258000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122568884.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092868576.0000000003611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122435162.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030239572.0000000000BE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1030329549.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BEC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1122409277.0000000003621000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092959310.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=J1-T6FXbrr0Z&afile.exe, 00000002.00000003.1092895103.0000000000BCC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=efile.exe, 00000002.00000003.1007252705.0000000000BCC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007365841.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1007252705.0000000000BEC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high

                                                                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                                                                              Public IPs

                                                                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                              104.21.48.1
                                                                                                                                                                                                                              		crosshairc.lifeUnited States
                                                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                              104.21.112.1
                                                                                                                                                                                                                              		bugildbett.topUnited States
                                                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                              188.114.97.3
                                                                                                                                                                                                                              		jowinjoinery.icuEuropean Union
                                                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                              104.21.32.1
                                                                                                                                                                                                                              		weaponrywo.digitalUnited States
                                                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                              23.197.127.21
                                                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                                                              		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                              188.114.96.3
                                                                                                                                                                                                                              		citydisco.betEuropean Union
                                                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                              104.21.64.1
                                                                                                                                                                                                                              		htardwarehu.icuUnited States
                                                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                              104.73.234.102
                                                                                                                                                                                                                              		steamcommunity.comUnited States
                                                                                                                                                                                                                              		16625AKAMAI-ASUSfalse

                                                                                                                                                                                                                              General Information

                                                                                                                                                                                                                              Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                              Analysis ID:1637461
                                                                                                                                                                                                                              Start date and time:2025-03-13 16:49:50 +01:00
                                                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                              Overall analysis duration:0h 5m 58s
                                                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                              Report type:full
                                                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                              Number of analysed new started processes analysed:13
                                                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                                                                              Technologies:
                                                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                                              Sample name:file.exe
                                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@3/0@13/8
                                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                                              • Successful, ratio: 96%
                                                                                                                                                                                                                              • Number of executed functions: 36
                                                                                                                                                                                                                              • Number of non-executed functions: 158
                                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                                              • Found application associated with file extension: .exe

                                                                                                                                                                                                                              Warnings

                                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 4.245.163.56, 2.16.185.191
                                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                              Simulations

                                                                                                                                                                                                                              Behavior and APIs

                                                                                                                                                                                                                              TimeTypeDescription
                                                                                                                                                                                                                              11:50:46API Interceptor7x Sleep call for process: file.exe modified

                                                                                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                                                                                              IPs

                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              104.21.48.1345623.batGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                                                                                                                              • www.shlomi.app/9rzh/
                                                                                                                                                                                                                              ySUB97Jq80.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                              • www.shlomi.app/9rzh/
                                                                                                                                                                                                                              hQaXUS5gt0.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                              • www.newanthoperso.shop/3nis/
                                                                                                                                                                                                                              6nA8ZygZLP.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                              • www.rbopisalive.cyou/2dxw/
                                                                                                                                                                                                                              UhuGtHUgHf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                              • www.enoughmoney.online/z9gb/
                                                                                                                                                                                                                              Bill_of_Lading_20250307_pdf.bat.exeGet hashmaliciousLokibotBrowse
                                                                                                                                                                                                                              • touxzw.ir/sccc/five/fre.php
                                                                                                                                                                                                                              Stormwater Works Drawings Spec.jsGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                              • www.lucynoel6465.shop/jgkl/
                                                                                                                                                                                                                              Shipment Delivery No DE0093002-PDF.exeGet hashmaliciousLokibotBrowse
                                                                                                                                                                                                                              • touxzw.ir/tking3/five/fre.php
                                                                                                                                                                                                                              Remittance_CT022024.exeGet hashmaliciousLokibotBrowse
                                                                                                                                                                                                                              • touxzw.ir/fix/five/fre.php
                                                                                                                                                                                                                              http://microsoft-sharepoint4543464633.pages.dev/index-2jc93/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                              • microsoft-sharepoint4543464633.pages.dev/index-2jc93/
                                                                                                                                                                                                                              104.21.112.1CQDNwLUdY4.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                              • www.rbopisalive.cyou/2dxw/
                                                                                                                                                                                                                              sY8Sfsplzf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                              • www.enoughmoney.online/z9gb/?TF-P7=zR3cIyonFbUCfX4wpKNWKHtg5/zg1+YcnXRNJ+yYPjA6661hsBw23FkDfEgtp7rlWUxdaFu+U4x0i75BG7d41DR1Eot6cYC6DrNKmQYa+SmymwWTrA==&Pv5=thT0rvC
                                                                                                                                                                                                                              gbdXRnNKkm.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                              • www.rbopisalive.cyou/a669/
                                                                                                                                                                                                                              JOB NO. AIQ8478.bat.exeGet hashmaliciousLokibotBrowse
                                                                                                                                                                                                                              • touxzw.ir/sccc/five/fre.php
                                                                                                                                                                                                                              jzqc1V4NqB.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                              • www.rbopisalive.cyou/a669/?WBuDj=rwARXV5iz9NY7lD2nse3mpYvX8mI8lq4kwoE5vm7VO31wBaqesAJuHozl9YZ6Ede+IkifZaE/LHkIUXetab9qlITGUdXxZLx5IMa8uxv5i9osOS22A==&Jzwht=FNiD
                                                                                                                                                                                                                              CP07E1clp1.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                              • www.fz977.xyz/406r/
                                                                                                                                                                                                                              2Stejb80vJ.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                              • www.askvtwv8.top/uztg/
                                                                                                                                                                                                                              Shipment_Docus_COSCO_20250307_35405649_pdf.bat.exeGet hashmaliciousLokibotBrowse
                                                                                                                                                                                                                              • touxzw.ir/sccc/five/fre.php
                                                                                                                                                                                                                              ORDER-000291-XLSX.exeGet hashmaliciousLokibotBrowse
                                                                                                                                                                                                                              • touxzw.ir/tking3/five/fre.php
                                                                                                                                                                                                                              Quotation_Order_Request_pdf.bat.exeGet hashmaliciousLokibotBrowse
                                                                                                                                                                                                                              • touxzw.ir/sccc/five/fre.php

                                                                                                                                                                                                                              Domains

                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              citydisco.betfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              nvtoaldlrg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              SoftWare.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              FortniteHack.exe1.exeGet hashmaliciousLummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              setupx 1.exe1.exeGet hashmaliciousLummaC Stealer, XmrigBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              Installer64x.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              setupx 2.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              ModMenu.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              weaponrywo.digitalModMenu.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 104.21.112.1
                                                                                                                                                                                                                              steamcommunity.comfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 104.73.234.102
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 104.73.234.102
                                                                                                                                                                                                                              nvtoaldlrg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 104.73.234.102
                                                                                                                                                                                                                              script5.ps1Get hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              https://stearncommmunity.com/profiles/52829086342741Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              https://sceanmcommnunmnlty.com/xroea/spwoe/zxiweGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.73.234.102
                                                                                                                                                                                                                              https://sceanmcommnunmnlty.com/sotep/aofpe/zoeprGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.73.234.102
                                                                                                                                                                                                                              http://gift50steam.com/50Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.73.234.102
                                                                                                                                                                                                                              L0erlgyZ6f.exeGet hashmaliciousAmadey, LummaC StealerBrowse
                                                                                                                                                                                                                              • 104.73.234.102
                                                                                                                                                                                                                              jowinjoinery.icufile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              nvtoaldlrg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              kmtsefjtjha.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              CheatInjector.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              L0erlgyZ6f.exeGet hashmaliciousAmadey, LummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              13s1HMkHKv.exeGet hashmaliciousAmadey, DarkVision Rat, Fallen Miner, LummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              ModMenu.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              SpaceCheatFort.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              noypjksdaw.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              x1D44JHWDf.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              legenassedk.topnvtoaldlrg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              L0erlgyZ6f.exeGet hashmaliciousAmadey, LummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              ModMenu.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              SpaceCheatFort.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              noypjksdaw.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              x1D44JHWDf.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              dawothjkjad.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              dawothjkjad.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              SecuriteInfo.com.Win32.MalwareX-gen.1567.5483.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              download.php.exe.bin.exeGet hashmaliciousAmadey, DCRat, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                              • 188.114.96.3

                                                                                                                                                                                                                              ASNs

                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousFallen Miner, XmrigBrowse
                                                                                                                                                                                                                              • 104.20.3.235
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                                                              • 104.21.96.1
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                                                              • 104.21.112.1
                                                                                                                                                                                                                              https://ctrk.klclick3.com/l/01JP5VPSP6JS7E5VAEC1KGWEB7_2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.17.93.1
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 104.21.96.1
                                                                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.21.64.1
                                                                                                                                                                                                                              CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousFallen Miner, XmrigBrowse
                                                                                                                                                                                                                              • 104.20.3.235
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                                                              • 104.21.96.1
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                                                              • 104.21.112.1
                                                                                                                                                                                                                              https://ctrk.klclick3.com/l/01JP5VPSP6JS7E5VAEC1KGWEB7_2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.17.93.1
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 104.21.96.1
                                                                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.21.64.1
                                                                                                                                                                                                                              CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousFallen Miner, XmrigBrowse
                                                                                                                                                                                                                              • 104.20.3.235
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                                                              • 104.21.96.1
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                                                              • 104.21.112.1
                                                                                                                                                                                                                              https://ctrk.klclick3.com/l/01JP5VPSP6JS7E5VAEC1KGWEB7_2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.17.93.1
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 104.21.96.1
                                                                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.21.64.1
                                                                                                                                                                                                                              CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousFallen Miner, XmrigBrowse
                                                                                                                                                                                                                              • 104.20.3.235
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.97.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                                                              • 104.21.96.1
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousMSIL Logger, MassLogger RATBrowse
                                                                                                                                                                                                                              • 104.21.112.1
                                                                                                                                                                                                                              https://ctrk.klclick3.com/l/01JP5VPSP6JS7E5VAEC1KGWEB7_2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.17.93.1
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 104.21.96.1
                                                                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 104.21.64.1

                                                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                              a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              DropboxInstaller.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              • 188.114.96.3
                                                                                                                                                                                                                              DropboxInstaller.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              • 23.197.127.21
                                                                                                                                                                                                                              • 188.114.96.3

                                                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                                                              No context

                                                                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                                                                              No created / dropped files found

                                                                                                                                                                                                                              Static File Info

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                              Entropy (8bit):7.567510617380908
                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                              File name:file.exe
                                                                                                                                                                                                                              File size:775'488 bytes
                                                                                                                                                                                                                              MD5:b7d4565a9d634456b769b497ab240125
                                                                                                                                                                                                                              SHA1:895b664866ac5fb4e6b602f1525982e69f30c9e2
                                                                                                                                                                                                                              SHA256:8076fa4a81dc3069adfc7c9f902e6bded83edfc4131714d17f2528267789bc19
                                                                                                                                                                                                                              SHA512:ec4e8d7a41e45cebd50310a8164fc3997c1711c914f0cbf0314ab647f334ac0cc1af597293a11f78b0d50b1aeed5c91287794b616aa13ef198552fa2fc5efe99
                                                                                                                                                                                                                              SSDEEP:12288:GIJQ/s2kiatVPnIpbWiJ621POPAANU/Sc+e1RoKq/T/+Kc5fBzBS0+I4d0Z2cdyQ:7BnIpnJhdQAANeNboz/aKc5fr3l4dzcF
                                                                                                                                                                                                                              TLSH:3DF4D046BC91D0B3E91628B14D29E7C50C6B6B604F20C4FBBED89D646FB76E08932357
                                                                                                                                                                                                                              File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.............................w............@.......................................@.................................P...(..

                                                                                                                                                                                                                              File Icon

                                                                                                                                                                                                                              Icon Hash:90cececece8e8eb0

                                                                                                                                                                                                                              Static PE Info

                                                                                                                                                                                                                              General

                                                                                                                                                                                                                              Entrypoint:0x4377d2
                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                              Time Stamp:0x67D1BF1F [Wed Mar 12 17:06:39 2025 UTC]
                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                              OS Version Major:6
                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                              File Version Major:6
                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                              Subsystem Version Major:6
                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                              Import Hash:033c5f85fb620246315503dc218ebc8c

                                                                                                                                                                                                                              Authenticode Signature

                                                                                                                                                                                                                              Signature Valid:false
                                                                                                                                                                                                                              Signature Issuer:CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                                                              Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                              Error Number:-2146869232
                                                                                                                                                                                                                              Not Before, Not After
                                                                                                                                                                                                                              • 15/12/2020 22:24:20 02/12/2021 22:24:20
                                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                                              • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                                                              Version:3
                                                                                                                                                                                                                              Thumbprint MD5:31F605F0D1D4BA54250DA5C719A8200C
                                                                                                                                                                                                                              Thumbprint SHA-1:E8C15B4C98AD91E051EE5AF5F524A8729050B2A2
                                                                                                                                                                                                                              Thumbprint SHA-256:22A3C23E08C7DBB4E7F4591E58C04285C0514C2894E3C418AD157D817D7EDF3C
                                                                                                                                                                                                                              Serial:33000003DE8D56825AF1A4A9670000000003DE

                                                                                                                                                                                                                              Entrypoint Preview

                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                              call 00007F529986B82Ah
                                                                                                                                                                                                                              jmp 00007F529986B699h
                                                                                                                                                                                                                              mov ecx, dword ptr [0045F840h]
                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                              mov edi, BB40E64Eh
                                                                                                                                                                                                                              mov esi, FFFF0000h
                                                                                                                                                                                                                              cmp ecx, edi
                                                                                                                                                                                                                              je 00007F529986B826h
                                                                                                                                                                                                                              test esi, ecx
                                                                                                                                                                                                                              jne 00007F529986B848h
                                                                                                                                                                                                                              call 00007F529986B851h
                                                                                                                                                                                                                              mov ecx, eax
                                                                                                                                                                                                                              cmp ecx, edi
                                                                                                                                                                                                                              jne 00007F529986B829h
                                                                                                                                                                                                                              mov ecx, BB40E64Fh
                                                                                                                                                                                                                              jmp 00007F529986B830h
                                                                                                                                                                                                                              test esi, ecx
                                                                                                                                                                                                                              jne 00007F529986B82Ch
                                                                                                                                                                                                                              or eax, 00004711h
                                                                                                                                                                                                                              shl eax, 10h
                                                                                                                                                                                                                              or ecx, eax
                                                                                                                                                                                                                              mov dword ptr [0045F840h], ecx
                                                                                                                                                                                                                              not ecx
                                                                                                                                                                                                                              pop edi
                                                                                                                                                                                                                              mov dword ptr [0045F880h], ecx
                                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                                              ret
                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                              sub esp, 14h
                                                                                                                                                                                                                              lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                                              xorps xmm0, xmm0
                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                              movlpd qword ptr [ebp-0Ch], xmm0
                                                                                                                                                                                                                              call dword ptr [0045C860h]
                                                                                                                                                                                                                              mov eax, dword ptr [ebp-08h]
                                                                                                                                                                                                                              xor eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                                              mov dword ptr [ebp-04h], eax
                                                                                                                                                                                                                              call dword ptr [0045C820h]
                                                                                                                                                                                                                              xor dword ptr [ebp-04h], eax
                                                                                                                                                                                                                              call dword ptr [0045C81Ch]
                                                                                                                                                                                                                              xor dword ptr [ebp-04h], eax
                                                                                                                                                                                                                              lea eax, dword ptr [ebp-14h]
                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                              call dword ptr [0045C8A8h]
                                                                                                                                                                                                                              mov eax, dword ptr [ebp-10h]
                                                                                                                                                                                                                              lea ecx, dword ptr [ebp-04h]
                                                                                                                                                                                                                              xor eax, dword ptr [ebp-14h]
                                                                                                                                                                                                                              xor eax, dword ptr [ebp-04h]
                                                                                                                                                                                                                              xor eax, ecx
                                                                                                                                                                                                                              leave
                                                                                                                                                                                                                              ret
                                                                                                                                                                                                                              mov eax, 00004000h
                                                                                                                                                                                                                              ret
                                                                                                                                                                                                                              push 004614D0h
                                                                                                                                                                                                                              call dword ptr [0045C880h]
                                                                                                                                                                                                                              ret
                                                                                                                                                                                                                              push 00030000h
                                                                                                                                                                                                                              push 00010000h
                                                                                                                                                                                                                              push 00000000h
                                                                                                                                                                                                                              call 00007F5299872375h
                                                                                                                                                                                                                              add esp, 0Ch

                                                                                                                                                                                                                              Data Directories

                                                                                                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x5c6500x28.rdata
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0xb90000x4540.bss
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x630000x276c.reloc
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x58b280x18.rdata
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x54f980xc0.rdata
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x5c7c00x148.rdata
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                              Sections

                                                                                                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                              .text0x10000x52cc00x52e00b955d299ddc749adb9e2a9fa46e5dda4False0.5095947633861236data6.772334323063753IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                              .rdata0x540000xa1240xa200147c72eee2c66963ee69f82cf3610cb3False0.4244068287037037data4.908125312415663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                              .data0x5f0000x2c9c0x1600eab85ca8d24299491f287a6faf9660e1False0.4069602272727273data4.744736283390186IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                              .tls0x620000x90x2001f354d76203061bfdd5a53dae48d5435False0.033203125data0.020393135236084953IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                              .reloc0x630000x276c0x2800ed7d506be2e46b9b1c8fde31ac68b654False0.7849609375data6.600494306172883IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                              .bss0x660000x57a000x57a0041b8163128c25210889882063c781b17False1.0003231990014265data7.999460106949404IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                                              Imports

                                                                                                                                                                                                                              DLLImport
                                                                                                                                                                                                                              KERNEL32.dllAcquireSRWLockExclusive, CloseHandle, CompareStringW, CreateFileW, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEndOfFile, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile

                                                                                                                                                                                                                              Network Behavior

                                                                                                                                                                                                                              Suricata IDS Alerts

                                                                                                                                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849699104.21.64.1443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849708104.21.32.1443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849684188.114.96.3443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849717104.73.234.102443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849702104.21.112.1443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849690104.21.112.1443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849693188.114.97.3443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849714104.73.234.102443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849720104.73.234.102443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849711104.73.234.102443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849687104.21.48.1443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849705104.21.112.1443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:39.942646+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849696188.114.97.3443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:45.797007+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849682188.114.96.3443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:48.889982+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849683188.114.96.3443TCP
                                                                                                                                                                                                                              2025-03-13T16:50:57.063905+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.84972323.197.127.21443TCP
                                                                                                                                                                                                                              2025-03-13T16:51:00.531465+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.849724188.114.96.3443TCP
                                                                                                                                                                                                                              2025-03-13T16:51:03.758619+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.84972723.197.127.21443TCP
                                                                                                                                                                                                                              2025-03-13T16:51:06.715043+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.84973123.197.127.21443TCP
                                                                                                                                                                                                                              2025-03-13T16:51:08.145988+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.84973223.197.127.21443TCP
                                                                                                                                                                                                                              2025-03-13T16:51:09.644822+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.84973323.197.127.21443TCP

                                                                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                                                                              TCP Packets

                                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                              Mar 13, 2025 16:50:44.189563036 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:44.189605951 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:44.189754963 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:44.194327116 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:44.194349051 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:45.796941042 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:45.797007084 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:45.847989082 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:45.848007917 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:45.848400116 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:45.895704031 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.025229931 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.025229931 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.025376081 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.900170088 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.900333881 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.900453091 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.900456905 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.900479078 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.900523901 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.900552034 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.900691032 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.900777102 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.900789976 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.942578077 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.952847004 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.954478025 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.954561949 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.954570055 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.986517906 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.986613989 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:46.986627102 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.036328077 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.126231909 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.126319885 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.126430035 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.127345085 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.127367973 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.127404928 CET49682443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.127412081 CET44349682188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.351648092 CET49683443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.351705074 CET44349683188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.351780891 CET49683443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.352123976 CET49683443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:47.352139950 CET44349683188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:48.889890909 CET44349683188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:48.889981985 CET49683443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:48.891330004 CET49683443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:48.891349077 CET44349683188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:48.891616106 CET44349683188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:48.892934084 CET49683443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:48.893086910 CET49683443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:48.893120050 CET44349683188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:50.098822117 CET44349683188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:50.098927975 CET44349683188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:50.099073887 CET49683443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:50.099153042 CET49683443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:50.099173069 CET44349683188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:50.228431940 CET49684443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:50.228478909 CET44349684188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:50.228576899 CET49684443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:50.228884935 CET49684443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:50.228900909 CET44349684188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.497987032 CET44349684188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.498452902 CET49685443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.498493910 CET44349685188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.498558998 CET49685443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.499047041 CET49685443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.499058008 CET44349685188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.500166893 CET44349685188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.500503063 CET49686443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.500534058 CET44349686188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.500628948 CET49686443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.501246929 CET49686443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.501281023 CET44349686188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.501385927 CET49686443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.517606974 CET49687443192.168.2.8104.21.48.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.517633915 CET44349687104.21.48.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.517700911 CET49687443192.168.2.8104.21.48.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.518196106 CET49687443192.168.2.8104.21.48.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.518209934 CET44349687104.21.48.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.518837929 CET44349687104.21.48.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.519224882 CET49688443192.168.2.8104.21.48.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.519244909 CET44349688104.21.48.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.519296885 CET49688443192.168.2.8104.21.48.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.519587040 CET49688443192.168.2.8104.21.48.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.519597054 CET44349688104.21.48.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.520025969 CET44349688104.21.48.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.520396948 CET49689443192.168.2.8104.21.48.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.520428896 CET44349689104.21.48.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.520489931 CET49689443192.168.2.8104.21.48.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.520667076 CET49689443192.168.2.8104.21.48.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.520701885 CET44349689104.21.48.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.520747900 CET49689443192.168.2.8104.21.48.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.824595928 CET49690443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.824645996 CET44349690104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.824732065 CET49690443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.825107098 CET49690443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.825115919 CET44349690104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.826333046 CET44349690104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.826667070 CET49691443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.826705933 CET44349691104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.826780081 CET49691443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.827032089 CET49691443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.827044010 CET44349691104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.827477932 CET44349691104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.827743053 CET49692443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.827775955 CET44349692104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.827877045 CET49692443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.827986956 CET49692443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.828015089 CET44349692104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.828068018 CET49692443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.875950098 CET49693443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.875972033 CET44349693188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.876063108 CET49693443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.876435995 CET49693443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.876447916 CET44349693188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.877151966 CET44349693188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.877474070 CET49694443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.877491951 CET44349694188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.877548933 CET49694443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.877938986 CET49694443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.877947092 CET44349694188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.878427029 CET44349694188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.878707886 CET49695443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.878731966 CET44349695188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.878778934 CET49695443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.878917933 CET49695443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.878948927 CET44349695188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.879010916 CET49695443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.256602049 CET49696443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.256656885 CET44349696188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.256854057 CET49696443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.257132053 CET49696443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.257148027 CET44349696188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.257844925 CET44349696188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.258321047 CET49697443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.258375883 CET44349697188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.258579969 CET49697443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.258730888 CET49697443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.258750916 CET44349697188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.259126902 CET44349697188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.259382963 CET49698443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.259411097 CET44349698188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.259485960 CET49698443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.259608030 CET49698443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.259638071 CET44349698188.114.97.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.259687901 CET49698443192.168.2.8188.114.97.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.285919905 CET49699443192.168.2.8104.21.64.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.285978079 CET44349699104.21.64.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.286185980 CET49699443192.168.2.8104.21.64.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.286705971 CET49699443192.168.2.8104.21.64.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.286724091 CET44349699104.21.64.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.287436008 CET44349699104.21.64.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.287760019 CET49700443192.168.2.8104.21.64.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.287802935 CET44349700104.21.64.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.287862062 CET49700443192.168.2.8104.21.64.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.288119078 CET49700443192.168.2.8104.21.64.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.288131952 CET44349700104.21.64.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.288515091 CET44349700104.21.64.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.288778067 CET49701443192.168.2.8104.21.64.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.288825035 CET44349701104.21.64.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.288887978 CET49701443192.168.2.8104.21.64.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.289020061 CET49701443192.168.2.8104.21.64.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.289048910 CET44349701104.21.64.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.289113998 CET49701443192.168.2.8104.21.64.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.316121101 CET49702443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.316167116 CET44349702104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.316266060 CET49702443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.316643953 CET49702443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.316663027 CET44349702104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.317065954 CET44349702104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.317384958 CET49703443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.317406893 CET44349703104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.317498922 CET49703443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.317971945 CET49703443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.317985058 CET44349703104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.318334103 CET44349703104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.318675995 CET49704443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.318703890 CET44349704104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.318886995 CET49704443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.319036961 CET49704443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.319523096 CET44349704104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.319632053 CET49704443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.674786091 CET49705443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.674840927 CET44349705104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.674916029 CET49705443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.675259113 CET49705443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.675271034 CET44349705104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.676008940 CET44349705104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.676290989 CET49706443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.676342010 CET44349706104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.676398993 CET49706443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.676630974 CET49706443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.676641941 CET44349706104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.677067995 CET44349706104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.677496910 CET49707443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.677537918 CET44349707104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.677598000 CET49707443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.677791119 CET49707443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.677818060 CET44349707104.21.112.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.677870035 CET49707443192.168.2.8104.21.112.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.695204020 CET49708443192.168.2.8104.21.32.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.695255041 CET44349708104.21.32.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.695333004 CET49708443192.168.2.8104.21.32.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.695696115 CET49708443192.168.2.8104.21.32.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.695713043 CET44349708104.21.32.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.696449041 CET44349708104.21.32.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.696820021 CET49709443192.168.2.8104.21.32.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.696866035 CET44349709104.21.32.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.696952105 CET49709443192.168.2.8104.21.32.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.697232962 CET49709443192.168.2.8104.21.32.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.697257996 CET44349709104.21.32.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.697654963 CET44349709104.21.32.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.698003054 CET49710443192.168.2.8104.21.32.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.698028088 CET44349710104.21.32.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.698077917 CET49710443192.168.2.8104.21.32.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.698242903 CET49710443192.168.2.8104.21.32.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.698271036 CET44349710104.21.32.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.698316097 CET49710443192.168.2.8104.21.32.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.706772089 CET49711443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.706809998 CET44349711104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.706876993 CET49711443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.707194090 CET49711443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.707211971 CET44349711104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.707767010 CET44349711104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.708142042 CET49712443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.708169937 CET44349712104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.708218098 CET49712443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.708762884 CET49712443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.708775043 CET44349712104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.709156036 CET44349712104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.709527016 CET49713443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.709556103 CET44349713104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.709620953 CET49713443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.709805965 CET49713443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.709831953 CET44349713104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.709882021 CET49713443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.712331057 CET49714443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.712368011 CET44349714104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.712445974 CET49714443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.712683916 CET49714443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.712697983 CET44349714104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.713040113 CET44349714104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.713421106 CET49715443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.713454008 CET44349715104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.713515043 CET49715443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.713751078 CET49715443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.713763952 CET44349715104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.714097023 CET44349715104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.714462996 CET49716443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.714473009 CET44349716104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.714525938 CET49716443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.714677095 CET49716443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.714708090 CET44349716104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.714750051 CET49716443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.966342926 CET49717443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.966397047 CET44349717104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.966454983 CET49717443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.966793060 CET49717443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.966804981 CET44349717104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.967477083 CET44349717104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.967777967 CET49718443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.967809916 CET44349718104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.967885017 CET49718443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.968102932 CET49718443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.968120098 CET44349718104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.968497992 CET44349718104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.968735933 CET49719443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.968782902 CET44349719104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.968828917 CET49719443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.968952894 CET49719443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.968986034 CET44349719104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.969032049 CET49719443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.970012903 CET49720443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.970046043 CET44349720104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.970117092 CET49720443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.970341921 CET49720443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.970364094 CET44349720104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.970711946 CET44349720104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.971010923 CET49721443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.971055031 CET44349721104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.971117020 CET49721443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.971335888 CET49721443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.971349955 CET44349721104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.971673965 CET44349721104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.971895933 CET49722443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.971929073 CET44349722104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.971972942 CET49722443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.972085953 CET49722443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.972117901 CET44349722104.73.234.102192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.972160101 CET49722443192.168.2.8104.73.234.102
                                                                                                                                                                                                                              Mar 13, 2025 16:50:54.267585993 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:54.267633915 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:54.268235922 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:54.268531084 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:54.268551111 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:57.063811064 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:57.063905001 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:57.067373037 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:57.067397118 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:57.067660093 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:57.069298029 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:57.112333059 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:58.916193008 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:58.916234016 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:58.916250944 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:58.916311026 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:58.916342974 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:58.916371107 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:58.916398048 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.026717901 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.026777029 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.026818991 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.026839972 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.026875019 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.104634047 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.104681969 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.104703903 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.104717970 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.104733944 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.104741096 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.104794025 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.149755001 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.149790049 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.149805069 CET49723443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.149811983 CET4434972323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.186475992 CET49724443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.186520100 CET44349724188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.186599970 CET49724443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.186948061 CET49724443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.186960936 CET44349724188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:00.531359911 CET44349724188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:00.531465054 CET49724443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:51:00.533027887 CET49724443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:51:00.533039093 CET44349724188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:00.533289909 CET44349724188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:00.534425020 CET49724443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:51:00.534553051 CET49724443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:51:00.534570932 CET44349724188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:01.376427889 CET44349724188.114.96.3192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:01.376658916 CET49724443192.168.2.8188.114.96.3
                                                                                                                                                                                                                              Mar 13, 2025 16:51:01.891612053 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:01.891658068 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:01.891733885 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:01.892026901 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:01.892039061 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:03.758543968 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:03.758619070 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:03.766321898 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:03.766345024 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:03.766590118 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:03.782210112 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:03.828325033 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.854252100 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.854285002 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.854319096 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.854362965 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.854413033 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.854427099 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.854434013 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.854465008 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.964049101 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.964128971 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.964159012 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.964200020 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.964252949 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.995531082 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.995598078 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.995628119 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.995646000 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.995738029 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.995762110 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.995775938 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.995785952 CET49727443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.995790958 CET4434972723.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.997323990 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.997381926 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.997463942 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.997781038 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:04.997798920 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:06.714929104 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:06.715043068 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:06.716403008 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:06.716413975 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:06.716679096 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:06.725522995 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:06.772316933 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.630546093 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.630578041 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.630593061 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.630641937 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.630670071 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.630702972 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.630733967 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.712960005 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.713088989 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.713134050 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.713191032 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.713366032 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.713387012 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.713399887 CET49731443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.713407040 CET4434973123.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.757925034 CET49732443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.757962942 CET4434973223.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.758057117 CET49732443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.758341074 CET49732443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.758354902 CET4434973223.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:08.145987988 CET49732443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:08.147620916 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:08.147671938 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:08.147783995 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:08.148063898 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:08.148075104 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:09.644675016 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:09.644821882 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:09.646377087 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:09.646390915 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:09.646636009 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:09.648083925 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:09.692329884 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.580548048 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.580621958 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.580665112 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.580708981 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.580730915 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.580753088 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.580787897 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.664323092 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.664380074 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.664453983 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.664472103 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.664516926 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.667515993 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.667581081 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.667587996 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.667635918 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.667640924 CET4434973323.197.127.21192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.667663097 CET49733443192.168.2.823.197.127.21
                                                                                                                                                                                                                              Mar 13, 2025 16:51:10.667700052 CET4434973323.197.127.21192.168.2.8

                                                                                                                                                                                                                              UDP Packets

                                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                              Mar 13, 2025 16:50:44.167203903 CET6231553192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:44.181704044 CET53623151.1.1.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.502306938 CET5454953192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.516741037 CET53545491.1.1.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.521652937 CET6357553192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.823621988 CET53635751.1.1.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.828933001 CET6204153192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.875003099 CET53620411.1.1.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.879767895 CET5743753192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.255280018 CET53574371.1.1.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.260503054 CET6142453192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.284948111 CET53614241.1.1.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.289894104 CET6427753192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.315159082 CET53642771.1.1.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.319736958 CET5214153192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.673763990 CET53521411.1.1.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.678654909 CET5537053192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.694344044 CET53553701.1.1.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.699363947 CET5390353192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.705996037 CET53539031.1.1.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:54.260126114 CET4998853192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:54.266773939 CET53499881.1.1.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.175462961 CET6398153192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.185751915 CET53639811.1.1.1192.168.2.8
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.749839067 CET5339153192.168.2.81.1.1.1
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.757247925 CET53533911.1.1.1192.168.2.8

                                                                                                                                                                                                                              DNS Queries

                                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                              Mar 13, 2025 16:50:44.167203903 CET192.168.2.81.1.1.10xb498Standard query (0)citydisco.betA (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.502306938 CET192.168.2.81.1.1.10xc9a5Standard query (0)crosshairc.lifeA (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.521652937 CET192.168.2.81.1.1.10xeee8Standard query (0)mrodularmall.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.828933001 CET192.168.2.81.1.1.10xd132Standard query (0)jowinjoinery.icuA (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.879767895 CET192.168.2.81.1.1.10x5aa8Standard query (0)legenassedk.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.260503054 CET192.168.2.81.1.1.10xf5faStandard query (0)htardwarehu.icuA (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.289894104 CET192.168.2.81.1.1.10xfaa0Standard query (0)cjlaspcorne.icuA (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.319736958 CET192.168.2.81.1.1.10xde16Standard query (0)bugildbett.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.678654909 CET192.168.2.81.1.1.10xa190Standard query (0)weaponrywo.digitalA (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.699363947 CET192.168.2.81.1.1.10x7006Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:54.260126114 CET192.168.2.81.1.1.10x5169Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:59.175462961 CET192.168.2.81.1.1.10xdcebStandard query (0)guntac.betA (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:51:07.749839067 CET192.168.2.81.1.1.10x657aStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                              DNS Answers

                                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                              Mar 13, 2025 16:50:44.181704044 CET1.1.1.1192.168.2.80xb498No error (0)citydisco.bet188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:44.181704044 CET1.1.1.1192.168.2.80xb498No error (0)citydisco.bet188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.516741037 CET1.1.1.1192.168.2.80xc9a5No error (0)crosshairc.life104.21.48.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.516741037 CET1.1.1.1192.168.2.80xc9a5No error (0)crosshairc.life104.21.32.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.516741037 CET1.1.1.1192.168.2.80xc9a5No error (0)crosshairc.life104.21.16.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.516741037 CET1.1.1.1192.168.2.80xc9a5No error (0)crosshairc.life104.21.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.516741037 CET1.1.1.1192.168.2.80xc9a5No error (0)crosshairc.life104.21.64.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.516741037 CET1.1.1.1192.168.2.80xc9a5No error (0)crosshairc.life104.21.80.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.516741037 CET1.1.1.1192.168.2.80xc9a5No error (0)crosshairc.life104.21.96.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.823621988 CET1.1.1.1192.168.2.80xeee8No error (0)mrodularmall.top104.21.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.823621988 CET1.1.1.1192.168.2.80xeee8No error (0)mrodularmall.top104.21.96.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.823621988 CET1.1.1.1192.168.2.80xeee8No error (0)mrodularmall.top104.21.32.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.823621988 CET1.1.1.1192.168.2.80xeee8No error (0)mrodularmall.top104.21.80.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.823621988 CET1.1.1.1192.168.2.80xeee8No error (0)mrodularmall.top104.21.64.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.823621988 CET1.1.1.1192.168.2.80xeee8No error (0)mrodularmall.top104.21.16.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.823621988 CET1.1.1.1192.168.2.80xeee8No error (0)mrodularmall.top104.21.48.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.875003099 CET1.1.1.1192.168.2.80xd132No error (0)jowinjoinery.icu188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:51.875003099 CET1.1.1.1192.168.2.80xd132No error (0)jowinjoinery.icu188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.255280018 CET1.1.1.1192.168.2.80x5aa8No error (0)legenassedk.top188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.255280018 CET1.1.1.1192.168.2.80x5aa8No error (0)legenassedk.top188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.284948111 CET1.1.1.1192.168.2.80xf5faNo error (0)htardwarehu.icu104.21.64.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.284948111 CET1.1.1.1192.168.2.80xf5faNo error (0)htardwarehu.icu104.21.16.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.284948111 CET1.1.1.1192.168.2.80xf5faNo error (0)htardwarehu.icu104.21.80.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.284948111 CET1.1.1.1192.168.2.80xf5faNo error (0)htardwarehu.icu104.21.48.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.284948111 CET1.1.1.1192.168.2.80xf5faNo error (0)htardwarehu.icu104.21.32.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.284948111 CET1.1.1.1192.168.2.80xf5faNo error (0)htardwarehu.icu104.21.96.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.284948111 CET1.1.1.1192.168.2.80xf5faNo error (0)htardwarehu.icu104.21.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.315159082 CET1.1.1.1192.168.2.80xfaa0No error (0)cjlaspcorne.icu104.21.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.315159082 CET1.1.1.1192.168.2.80xfaa0No error (0)cjlaspcorne.icu104.21.80.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.315159082 CET1.1.1.1192.168.2.80xfaa0No error (0)cjlaspcorne.icu104.21.64.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.315159082 CET1.1.1.1192.168.2.80xfaa0No error (0)cjlaspcorne.icu104.21.96.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.315159082 CET1.1.1.1192.168.2.80xfaa0No error (0)cjlaspcorne.icu104.21.48.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.315159082 CET1.1.1.1192.168.2.80xfaa0No error (0)cjlaspcorne.icu104.21.32.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.315159082 CET1.1.1.1192.168.2.80xfaa0No error (0)cjlaspcorne.icu104.21.16.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.673763990 CET1.1.1.1192.168.2.80xde16No error (0)bugildbett.top104.21.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.673763990 CET1.1.1.1192.168.2.80xde16No error (0)bugildbett.top104.21.32.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.673763990 CET1.1.1.1192.168.2.80xde16No error (0)bugildbett.top104.21.96.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.673763990 CET1.1.1.1192.168.2.80xde16No error (0)bugildbett.top104.21.16.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.673763990 CET1.1.1.1192.168.2.80xde16No error (0)bugildbett.top104.21.48.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.673763990 CET1.1.1.1192.168.2.80xde16No error (0)bugildbett.top104.21.80.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.673763990 CET1.1.1.1192.168.2.80xde16No error (0)bugildbett.top104.21.64.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.694344044 CET1.1.1.1192.168.2.80xa190No error (0)weaponrywo.digital104.21.32.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.694344044 CET1.1.1.1192.168.2.80xa190No error (0)weaponrywo.digital104.21.16.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.694344044 CET1.1.1.1192.168.2.80xa190No error (0)weaponrywo.digital104.21.96.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.694344044 CET1.1.1.1192.168.2.80xa190No error (0)weaponrywo.digital104.21.48.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.694344044 CET1.1.1.1192.168.2.80xa190No error (0)weaponrywo.digital104.21.64.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.694344044 CET1.1.1.1192.168.2.80xa190No error (0)weaponrywo.digital104.21.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.694344044 CET1.1.1.1192.168.2.80xa190No error (0)weaponrywo.digital104.21.80.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:52.705996037 CET1.1.1.1192.168.2.80x7006No error (0)steamcommunity.com104.73.234.102A (IP address)IN (0x0001)false
                                                                                                                                                                                                                              Mar 13, 2025 16:50:54.266773939 CET1.1.1.1192.168.2.80x5169No error (0)steamcommunity.com23.197.127.21