Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1637463
MD5:	2002fdf412315d31fcdf5b6acbcaa53c
SHA1:	c3d77ad74a3c01eba18fd19eda94789cdd7b9cb1
SHA256:	b7bec68290b285cdcec37f9558f1488c36e971aded4b995b3a45a40ddcaf00dc
Tags:	exeuser-jstrosch
Infos:

Detection

LummaC Stealer

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected LummaC Stealer

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Joe Sandbox ML detected suspicious sample

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7620 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 2002FDF412315D31FCDF5B6ACBCAA53C)

conhost.exe (PID: 7628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

file.exe (PID: 7676 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 2002FDF412315D31FCDF5B6ACBCAA53C)

WerFault.exe (PID: 7768 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 136 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["jowinjoinery.icu/bdWUa", "featureccus.shop/bdMAn", "mrodularmall.top/aNzS", "legenassedk.top/bdpWO", "htardwarehu.icu/Sbdsa", "cjlaspcorne.icu/DbIps", "bugildbett.top/bAuz"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000002.00000003.1862420065.0000000000C17000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.1830427056.0000000000C15000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.1768344063.0000000000C18000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.1766216026.0000000000C15000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.1856131396.0000000000C17000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7676	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7676	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Click to see the 4 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-13T16:59:43.250769+0100	2028371	3	Unknown Traffic	192.168.2.4	49761	23.197.127.21	443	TCP
2025-03-13T16:59:43.250769+0100	2028371	3	Unknown Traffic	192.168.2.4	49764	23.197.127.21	443	TCP
2025-03-13T16:59:43.250769+0100	2028371	3	Unknown Traffic	192.168.2.4	49758	23.197.127.21	443	TCP
2025-03-13T16:59:48.536297+0100	2028371	3	Unknown Traffic	192.168.2.4	49709	188.114.96.3	443	TCP
2025-03-13T16:59:54.069831+0100	2028371	3	Unknown Traffic	192.168.2.4	49722	104.21.16.1	443	TCP
2025-03-13T17:00:02.138310+0100	2028371	3	Unknown Traffic	192.168.2.4	49728	188.114.96.3	443	TCP
2025-03-13T17:00:04.928347+0100	2028371	3	Unknown Traffic	192.168.2.4	49732	188.114.96.3	443	TCP
2025-03-13T17:00:10.265769+0100	2028371	3	Unknown Traffic	192.168.2.4	49736	104.21.48.1	443	TCP
2025-03-13T17:00:15.661479+0100	2028371	3	Unknown Traffic	192.168.2.4	49739	104.21.112.1	443	TCP
2025-03-13T17:00:21.959334+0100	2028371	3	Unknown Traffic	192.168.2.4	49742	104.21.16.1	443	TCP
2025-03-13T17:00:26.469619+0100	2028371	3	Unknown Traffic	192.168.2.4	49745	23.197.127.21	443	TCP
2025-03-13T17:00:29.182823+0100	2028371	3	Unknown Traffic	192.168.2.4	49746	188.114.96.3	443	TCP
2025-03-13T17:00:32.086044+0100	2028371	3	Unknown Traffic	192.168.2.4	49747	23.197.127.21	443	TCP
2025-03-13T17:00:35.017219+0100	2028371	3	Unknown Traffic	192.168.2.4	49748	188.114.96.3	443	TCP
2025-03-13T17:00:37.878042+0100	2028371	3	Unknown Traffic	192.168.2.4	49749	23.197.127.21	443	TCP
2025-03-13T17:00:40.911390+0100	2028371	3	Unknown Traffic	192.168.2.4	49750	23.197.127.21	443	TCP
2025-03-13T17:00:44.055505+0100	2028371	3	Unknown Traffic	192.168.2.4	49752	23.197.127.21	443	TCP
2025-03-13T17:00:47.270833+0100	2028371	3	Unknown Traffic	192.168.2.4	49753	23.197.127.21	443	TCP
2025-03-13T17:00:50.177971+0100	2028371	3	Unknown Traffic	192.168.2.4	49754	188.114.96.3	443	TCP
2025-03-13T17:00:53.612680+0100	2028371	3	Unknown Traffic	192.168.2.4	49755	23.197.127.21	443	TCP
2025-03-13T17:00:56.398891+0100	2028371	3	Unknown Traffic	192.168.2.4	49756	188.114.96.3	443	TCP
2025-03-13T17:00:59.682599+0100	2028371	3	Unknown Traffic	192.168.2.4	49757	23.197.127.21	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Found malware configuration

Source: 2.2.file.exe.400000.0.unpack

Malware Configuration Extractor: LummaC {"C2 url": ["jowinjoinery.icu/bdWUa", "featureccus.shop/bdMAn", "mrodularmall.top/aNzS", "legenassedk.top/bdpWO", "htardwarehu.icu/Sbdsa", "cjlaspcorne.icu/DbIps", "bugildbett.top/bAuz"]}

Multi AV Scanner detection for submitted file

Source: file.exe	Virustotal: Detection: 70%			Perma Link
Source: file.exe	ReversingLabs: Detection: 76%

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.7% probability

Sample uses string decryption to hide its real strings

Source: 2.2.file.exe.400000.0.unpack	String decryptor: jowinjoinery.icu/bdWUa
Source: 2.2.file.exe.400000.0.unpack	String decryptor: featureccus.shop/bdMAn
Source: 2.2.file.exe.400000.0.unpack	String decryptor: mrodularmall.top/aNzS
Source: 2.2.file.exe.400000.0.unpack	String decryptor: legenassedk.top/bdpWO
Source: 2.2.file.exe.400000.0.unpack	String decryptor: htardwarehu.icu/Sbdsa
Source: 2.2.file.exe.400000.0.unpack	String decryptor: cjlaspcorne.icu/DbIps
Source: 2.2.file.exe.400000.0.unpack	String decryptor: bugildbett.top/bAuz

Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041C833 CryptUnprotectData,CryptUnprotectData,	2_2_0041C833
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041BCC0 CryptUnprotectData,	2_2_0041BCC0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041C833 CryptUnprotectData,CryptUnprotectData,	2_2_0041C833

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49757 version: TLS 1.2

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069FCDE FindFirstFileExW,	0_2_0069FCDE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069FD8F FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_0069FD8F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0069FCDE FindFirstFileExW,	2_2_0069FCDE
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0069FD8F FindFirstFileExW,FindNextFileW,FindClose,FindClose,	2_2_0069FD8F

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+eax+00000104h]	2_2_0041C833
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 6D58C181h	2_2_00421890
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-4926828Eh]	2_2_00421890
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+04h]	2_2_00413143
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], CF91E6EAh	2_2_0044A106
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then lea ecx, dword ptr [eax+eax]	2_2_00412AF8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then lea ecx, dword ptr [eax-40000000h]	2_2_00412AF8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then lea edx, dword ptr [ecx+ecx]	2_2_00412AF8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [edi+ebx], 0000h	2_2_0044C2A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [esp+ecx+44h]	2_2_00444300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+edi+3E8E80E8h]	2_2_0044D300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [ecx], bx	2_2_0044D300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], esi	2_2_0044C3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-26h]	2_2_0044C3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, ebx	2_2_0044C3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, di	2_2_0042FE40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-1272D010h]	2_2_0042FE40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-26h]	2_2_0044D7F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edi], cx	2_2_00429840
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [00451018h]	2_2_0040F066
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	2_2_00402800
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 1ED597A4h	2_2_004480C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	2_2_00410897
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx]	2_2_00410897
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-26h]	2_2_0044D950
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-0D0EF488h]	2_2_0042D92B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esi], FFFFFFFFh	2_2_004019E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx-51AE6CD0h]	2_2_0044AA55
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 8B8A8924h	2_2_0043F250
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [esp+edx+19DCC0F6h]	2_2_00445250
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ebp+edi+00h]	2_2_00445250
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ecx], dl	2_2_00423A70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	2_2_00423A70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], C446A772h	2_2_0041E21B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-4926821Eh]	2_2_0041E21B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-4926821Eh]	2_2_0041E21B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 656D2358h	2_2_0041E21B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	2_2_0041E21B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+70h]	2_2_0041E21B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-49268212h]	2_2_0041E21B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [eax]	2_2_00448220
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 93A82FD1h	2_2_004292C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-6BB1A2B4h]	2_2_004482E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+eax-000000FAh]	2_2_00433A88
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push eax	2_2_00449B7F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+eax+00000104h]	2_2_0041C833
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	2_2_0040A320
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	2_2_0040A320
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+eax-000000FAh]	2_2_00433A88
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+34h]	2_2_00433330
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], cl	2_2_00436BE5
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [esp+edx+68h]	2_2_00437BB8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ecx], dl	2_2_00411C5F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	2_2_00435C60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+08h], ebx	2_2_00445C70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	2_2_00410C1B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx]	2_2_00410C1B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, byte ptr [esp+esi+5Ch]	2_2_0042F430
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	2_2_00441480
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+49408C66h]	2_2_00428CB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	2_2_0044BD46
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], cl	2_2_0041EDDC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+6D3F2F7Eh]	2_2_00420D90
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [eax]	2_2_00448590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+50h]	2_2_004305B2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movsx eax, byte ptr [esi+ecx]	2_2_0041AE40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	2_2_00438E42
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+10h], ecx	2_2_00438E42
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add eax, esi	2_2_00437627
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [ebp+ecx+00h]	2_2_0040CE30
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [eax+esi]	2_2_0040CE30
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+10h], ecx	2_2_00438E39
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, byte ptr [esp+ecx+0Ah]	2_2_00445ED1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax]	2_2_00445ED1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+18h]	2_2_004236EB
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], cl	2_2_004386EC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	2_2_00432F60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esi+edx]	2_2_00432F60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	2_2_00432F60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax]	2_2_0041AF00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-4926828Ah]	2_2_0041AF00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+1A92C912h]	2_2_0040C710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-2Ah]	2_2_0044C7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax+04h]	2_2_00412FDB
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax]	2_2_00446790
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [eax], cl	2_2_0041EFAD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+18h]	2_2_0040EFAE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	2_2_00433FB0

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: jowinjoinery.icu/bdWUa
Source: Malware configuration extractor	URLs: featureccus.shop/bdMAn
Source: Malware configuration extractor	URLs: mrodularmall.top/aNzS
Source: Malware configuration extractor	URLs: legenassedk.top/bdpWO
Source: Malware configuration extractor	URLs: htardwarehu.icu/Sbdsa
Source: Malware configuration extractor	URLs: cjlaspcorne.icu/DbIps
Source: Malware configuration extractor	URLs: bugildbett.top/bAuz

Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com

Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View	IP Address: 104.21.48.1 104.21.48.1
Source: Joe Sandbox View	IP Address: 104.21.16.1 104.21.16.1
Source: Joe Sandbox View	IP Address: 104.21.16.1 104.21.16.1
Source: Joe Sandbox View	IP Address: 104.21.112.1 104.21.112.1
Source: Joe Sandbox View	IP Address: 104.21.112.1 104.21.112.1

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49709 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49728 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49739 -> 104.21.112.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49748 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49736 -> 104.21.48.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49745 -> 23.197.127.21:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49747 -> 23.197.127.21:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49752 -> 23.197.127.21:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49749 -> 23.197.127.21:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49754 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49746 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49753 -> 23.197.127.21:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49750 -> 23.197.127.21:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49756 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 104.21.16.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49722 -> 104.21.16.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49757 -> 23.197.127.21:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49755 -> 23.197.127.21:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49761 -> 23.197.127.21:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49764 -> 23.197.127.21:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49758 -> 23.197.127.21:443

Source: global traffic	HTTP traffic detected: POST /bSHsyZD HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 51Host: guntac.bet
Source: global traffic	HTTP traffic detected: POST /bSHsyZD HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=7TfOY8Z8WqUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19581Host: guntac.bet
Source: global traffic	HTTP traffic detected: POST /bSHsyZD HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=ajZC4mEcJc8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20396Host: guntac.bet
Source: global traffic	HTTP traffic detected: POST /bSHsyZD HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=szaEt3y8J9KurPDj4User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 2556Host: guntac.bet

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199822375128 HTTP/1.1Connection: Keep-AliveHost: steamcommunity.com

Source: file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cea39b42595266b29851bfdee2d9f6c8b; path=/; secure; HttpOnly; SameSite=Nonesessionid=5342c67ae37ad391cefc3a40; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type36122Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 13 Mar 2025 16:01:00 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control>>X? equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampoP: equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000003.1620883393.0000000000C19000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7C14c9dde9b41d2538b03ea660c9fb439f; path=/; secure; HttpOnly; SameSite=Nonesessionid=d48bf9fba63bf683817304e9; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35710Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 13 Mar 2025 16:00:27 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000003.1830363766.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCountry=US%7C14c9dde9b41d2538b03ea660c9fb439f; path=/; secure; HttpOnly; SameSite=Nonesessionid=d9001a9f396a110c58d4f05c; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35710Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 13 Mar 2025 16:00:48 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control__Y? equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampoP: equals www.youtube.com (Youtube)
Source: file.exe, 00000002.00000003.1830363766.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: jowinjoinery.icu
Source: global traffic	DNS traffic detected: DNS query: featureccus.shop
Source: global traffic	DNS traffic detected: DNS query: mrodularmall.top
Source: global traffic	DNS traffic detected: DNS query: legenassedk.top
Source: global traffic	DNS traffic detected: DNS query: htardwarehu.icu
Source: global traffic	DNS traffic detected: DNS query: cjlaspcorne.icu
Source: global traffic	DNS traffic detected: DNS query: bugildbett.top
Source: global traffic	DNS traffic detected: DNS query: latchclan.shop
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: guntac.bet

Source: unknown

HTTP traffic detected: POST /bSHsyZD HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 51Host: guntac.bet

Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000002.00000003.1767069430.0000000003330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000002.00000003.1767069430.0000000003330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000002.00000003.1767069430.0000000003330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000002.00000003.1767069430.0000000003330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000002.00000003.1767069430.0000000003330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000002.00000003.1767069430.0000000003330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000002.00000003.1767069430.0000000003330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000002.00000003.1767069430.0000000003330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000002.00000003.1767069430.0000000003330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766567558.0000000000C82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830427056.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.000000000337F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003381000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766216026.0000000000C74000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646423767.0000000000C69000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736344383.000000000337D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000002.00000003.1918728537.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/p
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766567558.0000000000C82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830427056.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.000000000337F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003381000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766216026.0000000000C74000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646423767.0000000000C69000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736344383.000000000337D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000002.00000003.1918728537.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766567558.0000000000C82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830427056.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.000000000337F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003381000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766216026.0000000000C74000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646423767.0000000000C69000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Amcache.hve.5.dr	String found in binary or memory: http://upx.sf.net
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000002.00000003.1767069430.0000000003330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000002.00000003.1767069430.0000000003330000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000002.00000003.1648299420.000000000330B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org?q=
Source: file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000002.00000003.1918728537.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158f
Source: file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000002.00000003.1648299420.000000000330B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000002.00000003.1648299420.000000000330B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000002.00000003.1648299420.000000000330B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249617720.000000000336C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=N4H9vOOxi8kG&l=english&am
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249617720.000000000336C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=INiZALwvDIbb
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249617720.000000000336C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=EZbG2DEumYDH&l=engli
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249617720.000000000336C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249617720.000000000336C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=l1VAyDrxeeyo&l=en
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=D1VziU1eIKI3&l=englis
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&a
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=XfYrwi9zUC4b&l=
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=engli
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=47omfdMZRDiz&l=engli
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=iGFW_JMULCcZ&
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249617720.000000000336C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249617720.000000000336C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcD
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=whw8EcafG167&amp
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249617720.000000000336C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=G3UTKgHH4xLD&l=engl
Source: file.exe, 00000002.00000002.2249617720.000000000336C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=nc69vwog8R9p&l=
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249617720.000000000336C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=sd6kCnGQW5Ji&
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249617720.000000000336C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=n4_f9JKDa7wP&
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=oQ1d_VAfa_o
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&
Source: file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastl
Source: file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastliG
Source: file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: file.exe, 00000002.00000003.1918728537.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766619359.000000000337F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766347408.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=J1-T6FXbrr0Z&a
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=GlKQ1cghJWE2&l=english&_c
Source: file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: file.exe, 00000002.00000003.1918728537.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766567558.0000000000C82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862740439.0000000000C11000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.000000000337F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862420065.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003381000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766216026.0000000000C74000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000002.00000003.1918728537.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin~9T
Source: file.exe, 00000002.00000003.1918728537.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applX8
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766619359.000000000337F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766347408.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: file.exe, 00000002.00000003.1918728537.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766619359.000000000337F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766347408.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=jfdbROVe
Source: file.exe, 00000002.00000003.1918728537.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766619359.000000000337F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766347408.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=39xC
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=cMt-H-zOgNUp&l=english&am
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=whw8EcafG167&l=e
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918468538.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=PCCoCNLxwF4M&am
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1855955491.0000000003386000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003389000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: file.exe, 00000002.00000003.1648299420.000000000330B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000002.00000003.1648299420.000000000330B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabv20
Source: file.exe, 00000002.00000003.1648299420.000000000330B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: file.exe, 00000002.00000003.1648299420.000000000330B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=
Source: file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://guntac.bet/
Source: file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://guntac.bet/&1
Source: file.exe, 00000002.00000003.1856280130.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1856302719.0000000000C90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1856052645.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862153776.0000000000C91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://guntac.bet/C
Source: file.exe, 00000002.00000003.1705342661.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://guntac.bet/W
Source: file.exe, 00000002.00000003.1856052645.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1856321823.0000000000C74000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862153776.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1706395023.0000000000C90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://guntac.bet/bSHsyZD
Source: file.exe, 00000002.00000003.1705342661.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://guntac.bet/bSHsyZDA=P:
Source: file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://guntac.bet/l1
Source: file.exe, 00000002.00000003.1856280130.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1856302719.0000000000C90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1856052645.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://guntac.bet/o
Source: file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705643521.0000000000C89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://guntac.bet:443/bSHsyZD
Source: file.exe, 00000002.00000003.1856321823.0000000000C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://guntac.bet:443/bSHsyZDZQ
Source: file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://help.steampoP:
Source: file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918468538.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000002.00000003.1955580640.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv4
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamai
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.n
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248089669.0000000000C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000002.00000003.1856280130.0000000000C8C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1856302719.0000000000C90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1856052645.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862153776.0000000000C91000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/2
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918468538.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000002.00000003.1830363766.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766181435.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/DataP:
Source: file.exe, 00000002.00000003.1955816166.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248089669.0000000000C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/O
Source: file.exe, 00000002.00000003.1955580640.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/R
Source: file.exe, 00000002.00000003.1766651195.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736464950.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766181435.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/Z
Source: file.exe, 00000002.00000003.1955580640.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/ataP:
Source: file.exe, 00000002.00000003.1736464950.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/b
Source: file.exe, 00000002.00000003.1862420065.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830427056.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1856131396.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862740439.0000000000C17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/c
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918468538.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000002.00000003.1918728537.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766567558.0000000000C82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862740439.0000000000C11000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.000000000337F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862420065.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003381000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766216026.0000000000C74000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199822375128
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918468538.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918468538.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000002.00000003.1918728537.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles
Source: file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199822375128
Source: file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/badges
Source: file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646423767.0000000000C69000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199822375128/inventory/
Source: file.exe, 00000002.00000003.1955580640.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/765611998223751280
Source: file.exe, 00000002.00000003.1830363766.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199822375128B
Source: file.exe, 00000002.00000003.1766651195.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766181435.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199822375128Y
Source: file.exe, 00000002.00000003.1766651195.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736464950.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766181435.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/r
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918468538.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000002.00000003.1766567558.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766181435.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830573581.0000000000C74000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1856321823.0000000000C74000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736464950.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199822375128
Source: file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199822375128nd-point:w
Source: file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199822375128oxy-ConnectioncloseConnectionno-cacheCache-
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamloopback.host
Source: file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000002.00000002.2248166423.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620832268.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862420065.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918783991.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830427056.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C19000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1767373482.0000000003371000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956374409.0000000000C62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1856131396.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736344383.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766216026.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1768344063.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000002.00000003.1955580640.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-Authenti
Source: file.exe, 00000002.00000003.1620883393.0000000000C19000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956374409.0000000000C62000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C8D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;X-Frame-OptionsSAMEORIGINPersistent-AuthWWW-AuthenticateVarysteamCou
Source: file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918468538.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.000000000333A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766567558.0000000000C82000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830427056.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.0000000003342000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.000000000337F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705364687.0000000000C87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003381000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830363766.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677395422.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766216026.0000000000C74000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646423767.0000000000C69000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736344383.000000000337D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.0000000003346000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918468538.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918468538.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918468538.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000002.00000003.1768469682.000000000351D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000002.00000003.1768469682.000000000351D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000002.00000003.1648299420.000000000330B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/v20
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248305707.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000002.00000003.1648299420.000000000330B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000002.00000003.1768469682.000000000351D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000002.00000003.1768469682.000000000351D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000002.00000003.1768469682.000000000351D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000002.00000003.1768469682.000000000351D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000002.00000003.1768469682.000000000351D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000002.00000002.2248305707.0000000000C89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955251579.0000000003346000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.0000000003385000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766166216.0000000003395000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766181435.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.000000000337D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830427056.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736435601.000000000337F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956005308.0000000000BCA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620865188.0000000000C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955580640.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766067365.0000000003394000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766300331.0000000003381000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677096147.0000000003383000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736464950.0000000000C85000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918468538.000000000337E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620794973.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1830301702.0000000003313000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1736344383.000000000337D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000002.00000003.1955760363.0000000000C5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1705380525.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956180927.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1677472623.0000000003373000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646446540.0000000000C1B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620883393.0000000000C21000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955363181.000000000336D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49757 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_0043F410 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,

2_2_0043F410

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_0043F410 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,

2_2_0043F410

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_0043FE3C GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

2_2_0043FE3C

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00666460	0_2_00666460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062553B	0_2_0062553B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00664CB0	0_2_00664CB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00641F50	0_2_00641F50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065D070	0_2_0065D070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067D070	0_2_0067D070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067C050	0_2_0067C050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064E020	0_2_0064E020
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062E030	0_2_0062E030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068A030	0_2_0068A030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00621000	0_2_00621000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00676010	0_2_00676010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006350E0	0_2_006350E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006400E0	0_2_006400E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063A0F0	0_2_0063A0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006790F0	0_2_006790F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067E0F0	0_2_0067E0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068B0F0	0_2_0068B0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00666090	0_2_00666090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00657170	0_2_00657170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00639150	0_2_00639150
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00658130	0_2_00658130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00650110	0_2_00650110
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00674110	0_2_00674110
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006241D0	0_2_006241D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006841D0	0_2_006841D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006301A0	0_2_006301A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063F190	0_2_0063F190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00660240	0_2_00660240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062D250	0_2_0062D250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00698230	0_2_00698230
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00643200	0_2_00643200
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00682210	0_2_00682210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006272E0	0_2_006272E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006922CA	0_2_006922CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006382B0	0_2_006382B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006812B0	0_2_006812B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00645290	0_2_00645290
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00649360	0_2_00649360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0066A350	0_2_0066A350
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00670350	0_2_00670350
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067C350	0_2_0067C350
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00647320	0_2_00647320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00661320	0_2_00661320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064D330	0_2_0064D330
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00683330	0_2_00683330
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062A300	0_2_0062A300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00628310	0_2_00628310
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063B310	0_2_0063B310
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006893E0	0_2_006893E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064A3F0	0_2_0064A3F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006693D0	0_2_006693D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063E3A0	0_2_0063E3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006553A0	0_2_006553A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067D3B0	0_2_0067D3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00632450	0_2_00632450
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00645450	0_2_00645450
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00688420	0_2_00688420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00630430	0_2_00630430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00634430	0_2_00634430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00673430	0_2_00673430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063D410	0_2_0063D410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00656410	0_2_00656410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006784C0	0_2_006784C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068A4C0	0_2_0068A4C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064E490	0_2_0064E490
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065B560	0_2_0065B560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00679576	0_2_00679576
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00636530	0_2_00636530
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00643530	0_2_00643530
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067F530	0_2_0067F530
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00633510	0_2_00633510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064B5F0	0_2_0064B5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006455C0	0_2_006455C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065F5D0	0_2_0065F5D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006895D0	0_2_006895D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065C5A0	0_2_0065C5A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006A5592	0_2_006A5592
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00661660	0_2_00661660
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067A660	0_2_0067A660
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00684640	0_2_00684640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00669650	0_2_00669650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00630620	0_2_00630620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00677630	0_2_00677630
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00681630	0_2_00681630
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062C610	0_2_0062C610
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065D6E0	0_2_0065D6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006586E0	0_2_006586E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062B6F0	0_2_0062B6F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006466F0	0_2_006466F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006376C0	0_2_006376C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064C6D0	0_2_0064C6D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062E690	0_2_0062E690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00675690	0_2_00675690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00639740	0_2_00639740
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062A700	0_2_0062A700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00675700	0_2_00675700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006A3718	0_2_006A3718
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00629718	0_2_00629718
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062D7F0	0_2_0062D7F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006707F0	0_2_006707F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063F860	0_2_0063F860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065C870	0_2_0065C870
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00633840	0_2_00633840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00625856	0_2_00625856
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00682800	0_2_00682800
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063D810	0_2_0063D810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065A810	0_2_0065A810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006428C0	0_2_006428C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006498A0	0_2_006498A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006678A0	0_2_006678A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062B960	0_2_0062B960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00636940	0_2_00636940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00676920	0_2_00676920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068D90A	0_2_0068D90A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063E900	0_2_0063E900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062C906	0_2_0062C906
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00658900	0_2_00658900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065E9C0	0_2_0065E9C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006389A0	0_2_006389A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067D980	0_2_0067D980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00628990	0_2_00628990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00668A70	0_2_00668A70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067BA40	0_2_0067BA40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00653A50	0_2_00653A50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00683A20	0_2_00683A20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064CA30	0_2_0064CA30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064DA30	0_2_0064DA30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00671A00	0_2_00671A00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00629AF6	0_2_00629AF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00637AA0	0_2_00637AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00658AA0	0_2_00658AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00687AB0	0_2_00687AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00643A90	0_2_00643A90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0066EB40	0_2_0066EB40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00637B50	0_2_00637B50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00627B00	0_2_00627B00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062CB0F	0_2_0062CB0F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064ABF0	0_2_0064ABF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065ABF0	0_2_0065ABF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00631BA0	0_2_00631BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00677BB0	0_2_00677BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0063DB80	0_2_0063DB80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00630B90	0_2_00630B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00653C70	0_2_00653C70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00642C00	0_2_00642C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00681C00	0_2_00681C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00634C10	0_2_00634C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00683D60	0_2_00683D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065FD20	0_2_0065FD20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00629D30	0_2_00629D30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00649D00	0_2_00649D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067FD00	0_2_0067FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00630DE0	0_2_00630DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00625DF6	0_2_00625DF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00667DF0	0_2_00667DF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00628DD0	0_2_00628DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00657DD0	0_2_00657DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065DDD9	0_2_0065DDD9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00642D80	0_2_00642D80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065DD80	0_2_0065DD80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062DE60	0_2_0062DE60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0064FE20	0_2_0064FE20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00640E10	0_2_00640E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00687E10	0_2_00687E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0066AEE0	0_2_0066AEE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0065AEC0	0_2_0065AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00663EA0	0_2_00663EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00645EB0	0_2_00645EB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00662E80	0_2_00662E80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067AE80	0_2_0067AE80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00633F20	0_2_00633F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0062BF10	0_2_0062BF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00642F10	0_2_00642F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067EF10	0_2_0067EF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00646FC0	0_2_00646FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00672FC0	0_2_00672FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00666F90	0_2_00666F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067FF90	0_2_0067FF90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041C833	2_2_0041C833
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004380C8	2_2_004380C8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004110F9	2_2_004110F9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00421890	2_2_00421890
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004378B8	2_2_004378B8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040BA50	2_2_0040BA50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00412AF8	2_2_00412AF8
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00444300	2_2_00444300
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0042CBA0	2_2_0042CBA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004283A0	2_2_004283A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044C3A0	2_2_0044C3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041BCC0	2_2_0041BCC0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00447DF0	2_2_00447DF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0042FE40	2_2_0042FE40
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044CE10	2_2_0044CE10
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040E6D0	2_2_0040E6D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00415EF9	2_2_00415EF9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00401040	2_2_00401040
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041F065	2_2_0041F065
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00417870	2_2_00417870
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00427830	2_2_00427830
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00445830	2_2_00445830
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00449832	2_2_00449832
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040D940	2_2_0040D940
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00402140	2_2_00402140
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00426150	2_2_00426150
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00451150	2_2_00451150
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00439160	2_2_00439160
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00442168	2_2_00442168
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040B970	2_2_0040B970
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00451170	2_2_00451170
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00424900	2_2_00424900
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0042D92B	2_2_0042D92B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0045113C	2_2_0045113C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040F9C0	2_2_0040F9C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004139D0	2_2_004139D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0043B9F9	2_2_0043B9F9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00412185	2_2_00412185
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00445250	2_2_00445250
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00429A70	2_2_00429A70
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0042020C	2_2_0042020C
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00426A15	2_2_00426A15
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041E21B	2_2_0041E21B
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004292C0	2_2_004292C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044CAE0	2_2_0044CAE0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00408A80	2_2_00408A80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044B280	2_2_0044B280
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00431290	2_2_00431290
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00445AA0	2_2_00445AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004512AC	2_2_004512AC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004252B0	2_2_004252B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00402B50	2_2_00402B50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041C833	2_2_0041C833
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040A320	2_2_0040A320
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040C320	2_2_0040C320
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00416B81	2_2_00416B81
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044B380	2_2_0044B380
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00411C5F	2_2_00411C5F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0042D460	2_2_0042D460
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00432407	2_2_00432407
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0043F410	2_2_0043F410
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0042F430	2_2_0042F430
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0043DC31	2_2_0043DC31
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004384C3	2_2_004384C3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040D4D0	2_2_0040D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004434DF	2_2_004434DF
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041DCDF	2_2_0041DCDF
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044B4F0	2_2_0044B4F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00410483	2_2_00410483
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0042F489	2_2_0042F489
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00424C90	2_2_00424C90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044BCB6	2_2_0044BCB6
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00409540	2_2_00409540
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00443540	2_2_00443540
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0043155F	2_2_0043155F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00403560	2_2_00403560
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00425560	2_2_00425560
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00413D09	2_2_00413D09
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040AD20	2_2_0040AD20
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0043B536	2_2_0043B536
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041EDDC	2_2_0041EDDC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044B580	2_2_0044B580
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00420D90	2_2_00420D90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00407DA0	2_2_00407DA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004305B2	2_2_004305B2
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00433640	2_2_00433640
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00448650	2_2_00448650
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0043C610	2_2_0043C610
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00437627	2_2_00437627
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044B622	2_2_0044B622
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040CE30	2_2_0040CE30
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00444ED0	2_2_00444ED0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00445ED1	2_2_00445ED1
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004326E0	2_2_004326E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004386EC	2_2_004386EC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00430E93	2_2_00430E93
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00410EAB	2_2_00410EAB
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00403F00	2_2_00403F00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0043E703	2_2_0043E703
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0041AF00	2_2_0041AF00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040C710	2_2_0040C710
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00436729	2_2_00436729
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0042D730	2_2_0042D730
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00408FC0	2_2_00408FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044C7D0	2_2_0044C7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004047E2	2_2_004047E2
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004437A0	2_2_004437A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0040EFAE	2_2_0040EFAE
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0063F860	2_2_0063F860
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065C870	2_2_0065C870
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065D070	2_2_0065D070
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00633840	2_2_00633840
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0064E020	2_2_0064E020
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0062E030	2_2_0062E030
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00621000	2_2_00621000
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00682800	2_2_00682800
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0063D810	2_2_0063D810
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065A810	2_2_0065A810
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00676010	2_2_00676010
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006350E0	2_2_006350E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006400E0	2_2_006400E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0063A0F0	2_2_0063A0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006790F0	2_2_006790F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0068B0F0	2_2_0068B0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006428C0	2_2_006428C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006498A0	2_2_006498A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006678A0	2_2_006678A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006798B0	2_2_006798B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0062C890	2_2_0062C890
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00666090	2_2_00666090
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0062B960	2_2_0062B960
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00657170	2_2_00657170
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00636940	2_2_00636940
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00639150	2_2_00639150
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00676920	2_2_00676920
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00658130	2_2_00658130
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0068D90A	2_2_0068D90A
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0063E900	2_2_0063E900
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00658900	2_2_00658900
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00650110	2_2_00650110
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00674110	2_2_00674110
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0062D1E0	2_2_0062D1E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065E9C0	2_2_0065E9C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006241D0	2_2_006241D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006841D0	2_2_006841D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006301A0	2_2_006301A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006389A0	2_2_006389A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00628990	2_2_00628990
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0063F190	2_2_0063F190
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00668A70	2_2_00668A70
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00627240	2_2_00627240
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00653A50	2_2_00653A50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00683A20	2_2_00683A20
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00698230	2_2_00698230
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00643200	2_2_00643200
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00671A00	2_2_00671A00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00682210	2_2_00682210
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006522F0	2_2_006522F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006922CA	2_2_006922CA
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00637AA0	2_2_00637AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00658AA0	2_2_00658AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006382B0	2_2_006382B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006812B0	2_2_006812B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00687AB0	2_2_00687AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00643A90	2_2_00643A90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00645290	2_2_00645290
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00649360	2_2_00649360
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0066EB40	2_2_0066EB40
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00637B50	2_2_00637B50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0066A350	2_2_0066A350
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00670350	2_2_00670350
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00647320	2_2_00647320
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00661320	2_2_00661320
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0062A300	2_2_0062A300
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00627B00	2_2_00627B00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0066130F	2_2_0066130F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00628310	2_2_00628310
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0063B310	2_2_0063B310
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006893E0	2_2_006893E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0064ABF0	2_2_0064ABF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065ABF0	2_2_0065ABF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006693D0	2_2_006693D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00631BA0	2_2_00631BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0063E3A0	2_2_0063E3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006553A0	2_2_006553A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00677BB0	2_2_00677BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0063DB80	2_2_0063DB80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00630B90	2_2_00630B90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00666460	2_2_00666460
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00653C70	2_2_00653C70
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00632450	2_2_00632450
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00645450	2_2_00645450
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00634430	2_2_00634430
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00630430	2_2_00630430
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00673430	2_2_00673430
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00642C00	2_2_00642C00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00681C00	2_2_00681C00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00634C10	2_2_00634C10
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0063D410	2_2_0063D410
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00653410	2_2_00653410
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0067BCC0	2_2_0067BCC0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006784C0	2_2_006784C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0068A4C0	2_2_0068A4C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006254D0	2_2_006254D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00664CB0	2_2_00664CB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065B560	2_2_0065B560
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00683D60	2_2_00683D60
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0062CD50	2_2_0062CD50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065FD20	2_2_0065FD20
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00629D30	2_2_00629D30
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00636530	2_2_00636530
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00643530	2_2_00643530
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00649D00	2_2_00649D00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0067FD00	2_2_0067FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00679500	2_2_00679500
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00633510	2_2_00633510
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00630DE0	2_2_00630DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0064B5F0	2_2_0064B5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00667DF0	2_2_00667DF0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006455C0	2_2_006455C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00628DD0	2_2_00628DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065F5D0	2_2_0065F5D0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00657DD0	2_2_00657DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065DDD9	2_2_0065DDD9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065C5A0	2_2_0065C5A0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00642D80	2_2_00642D80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065DD80	2_2_0065DD80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006A5592	2_2_006A5592
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0062DE60	2_2_0062DE60
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00689E60	2_2_00689E60
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00684640	2_2_00684640
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00669650	2_2_00669650
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00630620	2_2_00630620
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0064FE20	2_2_0064FE20
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0062C610	2_2_0062C610
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00640E10	2_2_00640E10
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00687E10	2_2_00687E10
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065D6E0	2_2_0065D6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006586E0	2_2_006586E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0066AEE0	2_2_0066AEE0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0062B6F0	2_2_0062B6F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006466F0	2_2_006466F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006376C0	2_2_006376C0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0065AEC0	2_2_0065AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00663EA0	2_2_00663EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006216B0	2_2_006216B0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00645EB0	2_2_00645EB0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00662E80	2_2_00662E80
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00629690	2_2_00629690
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0062E690	2_2_0062E690
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00675690	2_2_00675690
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00639740	2_2_00639740
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00641F50	2_2_00641F50
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00633F20	2_2_00633F20
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0062A700	2_2_0062A700
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0062BF10	2_2_0062BF10
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006A3718	2_2_006A3718
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00642F10	2_2_00642F10
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006227E0	2_2_006227E0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006707F0	2_2_006707F0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00646FC0	2_2_00646FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00672FC0	2_2_00672FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00666F90	2_2_00666F90
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0067FF90	2_2_0067FF90

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0041AEF0 appears 102 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0069AE24 appears 34 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0068DE10 appears 96 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0069607C appears 44 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0040B350 appears 52 times

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 136

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: .bss ZLIB complexity 1.0003231990014265
Source: file.exe	Static PE information: Section: .bss ZLIB complexity 1.0003231990014265

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/6@12/5

Source: C:\Users\user\Desktop\file.exe

Code function: 2_2_00444300 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,

2_2_00444300

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7628:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7620

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\e7c1f458-b97f-424e-8bfb-1264be33fafa

Jump to behavior

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000002.00000003.1647732549.0000000003302000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe	Virustotal: Detection: 70%
Source: file.exe	ReversingLabs: Detection: 76%

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 136
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 1366528 > 1048576

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068DFCA push ecx; ret	0_2_0068DFDD
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044F360 push ecx; ret	2_2_0044F400
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044F338 push ecx; ret	2_2_0044F400
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0044F3D8 push ecx; ret	2_2_0044F400
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004513DA push edx; retf	2_2_004513FE
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004554C9 push 00000000h; iretd	2_2_00455520
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00451648 pushad ; retf	2_2_00451689
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00455676 push 00000000h; iretd	2_2_004556EC
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00455766 push 00000000h; ret	2_2_00455770
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_004517FC push ebx; ret	2_2_00451803
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006604F7 push ebx; iretd	2_2_006604F9
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_006604DD push ebx; iretd	2_2_006604E3
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0064A775 push es; iretd	2_2_0064A776
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0068DFCA push ecx; ret	2_2_0068DFDD

Source: file.exe

Static PE information: section name: .text entropy: 7.09207256696417

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe TID: 7704	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7704	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069FCDE FindFirstFileExW,	0_2_0069FCDE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0069FD8F FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_0069FD8F
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0069FCDE FindFirstFileExW,	2_2_0069FCDE
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0069FD8F FindFirstFileExW,FindNextFileW,FindClose,FindClose,	2_2_0069FD8F

Source: Amcache.hve.5.dr	Binary or memory string: VMware
Source: Amcache.hve.5.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.5.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.5.dr	Binary or memory string: VMware, Inc.
Source: file.exe, 00000002.00000003.1862973543.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862420065.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646546639.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248089669.0000000000C06000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW/
Source: Amcache.hve.5.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.5.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.5.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.5.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: file.exe, 00000002.00000003.1862973543.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1862420065.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2247997149.0000000000BC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956534210.0000000000BBC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1955816166.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1620926658.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1956576326.0000000000BBF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1646546639.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2248089669.0000000000C06000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.5.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.5.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.5.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.5.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.5.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.5.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.5.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.5.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.5.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.5.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.5.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.5.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.5.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.5.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.5.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.5.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.5.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.5.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.5.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.5.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.5.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0062553B _strlen,GetModuleHandleA,GetProcAddress,VirtualProtect,LdrInitializeThunk,OleDraw,GetModuleHandleA,GetProcAddress,OleDraw,FreeConsole,__fread_nolock,_strlen,_strlen,FreeConsole,__fread_nolock,FreeConsole,__fread_nolock,

0_2_0062553B

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0068DC9E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_0068DC9E

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006B61B4 mov edi, dword ptr fs:[00000030h]

0_2_006B61B4

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0069B71C GetProcessHeap,

0_2_0069B71C

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068D8E2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0068D8E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068DC9E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0068DC9E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0068DC92 SetUnhandledExceptionFilter,	0_2_0068DC92
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00695DCE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00695DCE
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0068D8E2 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_0068D8E2
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_0068DC9E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0068DC9E
Source: C:\Users\user\Desktop\file.exe	Code function: 2_2_00695DCE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00695DCE

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006B61B4 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

0_2_006B61B4

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\file.exe

Memory written: C:\Users\user\Desktop\file.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_0069F048
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_0069B007
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_0069F299
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_0069F334
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_0069F5E6
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_0069F587
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_0069F6BB
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_0069F706
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_0069F7AD
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_0069F8B3
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_0069AB0C
Source: C:\Users\user\Desktop\file.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_0069F048
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	2_2_0069B007
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	2_2_0069F8B3
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	2_2_0069F299
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	2_2_0069F334
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	2_2_0069AB0C
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	2_2_0069F5E6
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	2_2_0069F587
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	2_2_0069F6BB
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	2_2_0069F706
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_0069F7AD

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0068E6D7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_0068E6D7

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.5.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.5.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.5.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: file.exe, 00000002.00000003.1918540959.0000000000C8F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000C06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.2249416627.00000000032F0000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000002.00000003.1918578951.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Amcache.hve.5.dr	Binary or memory string: MsMpEng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7676, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000002.00000002.2248166423.0000000000C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum-LTC
Source: file.exe, 00000002.00000002.2248166423.0000000000C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: file.exe, 00000002.00000002.2248166423.0000000000C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: file.exe, 00000002.00000003.1862420065.0000000000BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: file.exe, 00000002.00000003.1862420065.0000000000C17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: file.exe, 00000002.00000003.1766216026.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Exodus
Source: file.exe, 00000002.00000002.2248166423.0000000000C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: file.exe, 00000002.00000003.1862420065.0000000000BEA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe, 00000002.00000003.1862663095.0000000000C5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BXAJUJAOEO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BXAJUJAOEO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NIRMEKAMZH	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NIRMEKAMZH	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BXAJUJAOEO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\BXAJUJAOEO	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\GIGIYTFFYT	Jump to behavior

Source: Yara match	File source: 00000002.00000003.1862420065.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1830427056.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1862663095.0000000000C20000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1768344063.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1766216026.0000000000C15000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1856131396.0000000000C17000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.1766980324.0000000000C18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7676, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7676, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 DLL Side-Loading	211 Process Injection	22 Virtualization/Sandbox Evasion	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Screen Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	211 Process Injection	LSASS Memory	251 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	22 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	41 Data from Local System	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	4 Obfuscated Files or Information	NTDS	1 Process Discovery	Distributed Component Object Model	2 Clipboard Data	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Software Packing	LSA Secrets	11 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	33 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Windows Analysis Report
file.exe